PT-2026-57639 · WordPress · Wp Job Portal

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-12397

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions WP Job Portal versions prior to 2.5.5
Description Authenticated users with a subscriber-level account can read private account email addresses of other employers. This occurs because the plugin fails to verify ownership when returning an employer's contact email for a specific job, enabling the disclosure of information through the enumeration of job identifiers.
Recommendations Update WP Job Portal to version 2.5.5 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-12397

Affected Products

Wp Job Portal