Path Traversal Flaw in WP Job Portal by WordPress
CVE-2025-26935

7.5HIGH

Key Information:

Vendor: WPjobportal
Status: WP Job Portal
Vendor: CVE Published:; 25 February 2025

Summary

The WP Job Portal plugin for WordPress contains a path traversal vulnerability that may allow an attacker to exploit PHP Local File Inclusion (LFI). This security flaw affects versions of the WP Job Portal up to 2.2.8, enabling unauthorized access to sensitive files on the server. Proper validation and sanitization of user inputs are critical to mitigating such vulnerabilities, ensuring the integrity and security of the system.

Affected Version(s)

WP Job Portal <= 2.2.8

References

https://patchstack.com/database/wordpress/plugin/wp-job-p...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)