Description
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through <= 2.4.4.
Published: 2026-02-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The WordPress WP Job Portal plugin contains a missing authorization flaw that permits users to execute functions reserved for higher-level roles. Exploitation can lead to unauthorized viewing or modification of job postings, user data, or internal site administration actions, undermining confidentiality and integrity. Based on the description, it is inferred that the attack could be performed without an existing account.

Affected Systems

The vulnerability affects all installations of WP Job Portal through version 2.4.4, including earlier releases without the fix. It applies regardless of WordPress core version and does not require additional extensions to be installed.

Risk and Exploitability

With a CVSS score of 7.5, the flaw is considered high severity. The EPSS indicates a very low but non‑zero probability of exploitation, and the issue is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector likely involves targeting the plugin’s web endpoints from any external IP, enabling unauthorized actions by sending crafted HTTP requests that bypass normal role checks.

Generated by OpenCVE AI on April 16, 2026 at 16:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Job Portal to the latest release that addresses the access control issue (version 2.4.5 or later).
  • Review and tighten user role definitions, ensuring that only approved roles possess the capabilities exposed by the plugin.
  • Monitor access logs for unusual activity patterns, such as enumerated API calls or repeated attempts to access restricted content, and block offending IPs if necessary.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 15:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress; Wpjobportal; Wpjobportal wp Job Portal

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress; Wpjobportal; Wpjobportal wp Job Portal

Fri, 20 Feb 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 16:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through <= 2.4.4.

Type: Title
Values Removed: (none)
Values Added: WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:50.960Z

Reserved: 2026-01-28T09:50:05.801Z

Link: CVE-2026-24941

Vulnrichment

Updated: 2026-02-20T19:02:48.212Z

NVD

Status: Deferred

Published: 2026-02-20T16:22:38.480

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24941

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T16:45:25Z

Weaknesses