PatchSiren

WP Job Portal CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review WP Job Portal CVE published 2026-07-13

CVE-2026-12397

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers. This vulnerability could potentially allow attackers to gather sensitive information about employers, wh [truncated]

Review WP Job Portal CVE published 2026-07-13

CVE-2026-12396

The WP Job Portal WordPress plugin before 2.5.5 has a vulnerability that allows authenticated users with a subscriber-level account to approve, feature, or reject arbitrary jobs, including those owned by other users. This issue arises from the plugin's failure to enforce capability and ownership checks for job moderation actions. The vulnerability has a medium defensive priority and affects users of the W [truncated]