PT-2026-57639 · WordPress · Wp Job Portal
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-12397
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Job Portal versions prior to 2.5.5
Description
Authenticated users with a subscriber-level account can read private account email addresses of other employers. This occurs because the plugin fails to verify ownership when returning an employer's contact email for a specific job, enabling the disclosure of information through the enumeration of job identifiers.
Recommendations
Update WP Job Portal to version 2.5.5 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Job Portal