Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal. This issue affects WP Job Portal: from n/a through <= 2.3.2.
Published: 2025-05-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a path traversal flaw that allows an attacker to download any file accessible to the web server, potentially exposing configuration files, credentials, or other sensitive data. The flaw stems from insufficient validation of file paths in the WP Job Portal plugin, enabling a malicious user to craft requests to traverse directories. The weakness is classified as CWE‑22, which typically permits information disclosure and, if combined with other weaknesses, could lead to code execution or privilege escalation.

Affected Systems

Affected are WordPress sites that have the wp-job-portal plugin installed at any version from the first release through version 2.3.2 inclusive. The plugin is distributed by wpjobportal under the name WP Job Portal and is commonly bundled with WordPress installations that provide job posting functionality.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the low EPSS score of less than 1% suggests that exploitation is not currently common. The vulnerability is not listed in the CISA KEV catalog, which further reduces its immediate risk. The attack vector is inferred to be remote, accessible over the web via the plugin’s file download interface, and does not require authentication according to the description. An attacker can exploit the flaw by constructing a malicious URL that manipulates the file path parameter to reference files outside the intended download directory.

Generated by OpenCVE AI on April 30, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the wp-job-portal plugin to any release newer than 2.3.2, which removes the path traversal handling that allowed the flaw.
  • If an upgrade is not immediately possible, restrict the directory that can be served by the download mechanism to a dedicated, read‑only folder and enforce path validation on the server side.
  • Configure a web‑application firewall or rewrite rules to block requests that contain directory traversal patterns such as '..' or encoded equivalents before they reach the plugin code.
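
The server-side path validation recommended above, sketched as an added example (this is not WP Job Portal code; the function name, directory layout and file names are hypothetical and constructed for the demonstration). It canonicalises the requested name and serves it only when the result is still inside the dedicated download directory:

```php
<?php
// Added example with hypothetical names; not taken from the plugin.
// Returns the canonical path of $requested only if it is a regular file
// located inside $baseDir, otherwise null.
function resolve_download_path(string $baseDir, string $requested): ?string
{
    // Empty names and embedded NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; it returns
    // false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that
    // ".../downloads" does not also match ".../downloads-private".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/downloads", 0700, true);
mkdir("$root/downloads-private", 0700, true);
file_put_contents("$root/downloads/resume.pdf", 'ok');
file_put_contents("$root/secret.conf", 'x');
file_put_contents("$root/downloads-private/key.txt", 'x');

// Constructed inputs: one legitimate name, then names that must be refused.
$cases = ['resume.pdf', '../secret.conf', '../downloads-private/key.txt',
          'sub/../../secret.conf', "resume.pdf\0.txt", 'missing.pdf'];
foreach ($cases as $name) {
    $result = resolve_download_path("$root/downloads", $name);
    printf("%-36s %s\n", json_encode($name), $result === null ? 'rejected' : 'served');
}
```

Only `resume.pdf` is served. The check runs on the canonical path rather than on the raw string, so it does not depend on spotting every encoding of `..` the way a filter in front of the application does.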


Advisories
Source: EUVD
ID: EUVD-2025-28190
Title: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.
  Added: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal. This issue affects WP Job Portal: from n/a through <= 2.3.2.
Title
  Removed: WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability
  Added: WordPress WP Job Portal plugin <= 2.3.2 - Arbitrary File Download Vulnerability
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Tue, 24 Jun 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Wpjobportal
Wpjobportal wp Job Portal
CPEs cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*
Vendors & Products Wpjobportal
Wpjobportal wp Job Portal

Tue, 27 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 23 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.
Title WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:20:49.289Z

Reserved: 2025-05-19T14:13:24.501Z

Link: CVE-2025-48273

Vulnrichment

Updated: 2025-05-27T14:35:59.021Z

NVD

Status: Modified

Published: 2025-05-23T13:15:44.140

Modified: 2026-04-23T15:31:00.527

Link: CVE-2025-48273

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T12:45:22Z
