CVE-2024-13371

Medium CVSS: 5.3

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.

Vendor

Wpjobportal

Product

Wp Job Portal

CWE

CWE-862

Yayın Tarihi

2025-02-01 08:15:08

Güncelleme

2025-02-05 16:16:22

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Wp Job Portal MEDIUM Wpjobportal 2025

Referanslar

https://gist.github.com/g1-nhantv/31b04bc057046ecc54c3552387eb7bca https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/jobapply/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjobapply%2Fmodel.php https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve

Benzer Kayıtlar

High

CVE-2025-48274

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job…

Unknown

CVE-2025-48273

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Porta…

Critical

CVE-2025-47438

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in…

Unknown

CVE-2025-48272

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured…

High

CVE-2025-26935

Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.Thi…

Medium

CVE-2024-13873

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to…