Arbitrary File Read Vulnerability in WP Job Portal Plugin by WordPress
CVE-2025-14293

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
WP Job Portal – Ai-powered Recruitment System For Company Or Job Board Website
Vendor
CVE Published:
11 December 2025

What is CVE-2025-14293?

The WP Job Portal plugin for WordPress, present in all versions up to and including 2.4.0, is susceptible to an arbitrary file read vulnerability through its 'downloadCustomUploadedFile' function. This flaw allows authenticated users with Subscriber-level access or higher to unintentionally expose sensitive files stored on the server, potentially leading to unauthorized access to confidential information. Website administrators must assess their installations and apply the necessary updates to mitigate this risk.

Affected Version(s)

WP Job Portal – AI-Powered Recruitment System for Company or Job Board website * <= 2.4.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wp-job-portal/...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Long Nguyen
JSON
.