๐Ÿ” CVE Alert

CVE-2026-12397

MEDIUM 4.3

WP Job Portal < 2.5.5 - Subscriber+ Employer Email Disclosure via IDOR

CVSS Score
4.3
EPSS Score
0.1%
EPSS Percentile
3th

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers.

Vendor unknown
Product wp job portal
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for unknown wp job portal

Be the first to know when new medium vulnerabilities affecting unknown wp job portal are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / WP Job Portal
0 < 2.5.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/8e797251-2351-4979-a6c1-c05c78622327/

Credits

Muni Nitish Kumar Yaddala WPScan