PT-2025-50726 · WordPress · Wp Job Portal
Long Nguyen
·
Published
2025-12-11
·
Updated
2025-12-11
·
CVE-2025-14293
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Job Portal versions prior to 2.4.1
Description
The WP Job Portal plugin for WordPress is susceptible to an issue allowing unauthorized access to files. Authenticated attackers with Subscriber-level access or higher can potentially read arbitrary files on the server, potentially exposing sensitive information. The issue resides within the
downloadCustomUploadedFile function.Recommendations
Update WP Job Portal to version 2.4.1 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Job Portal