[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fc_dm9XA2yuo1BsOBqJHcHyNQ6pE715O0FOh6OMwD3zo":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":29,"research_verified":30,"research_rounds_completed":31,"research_plan":32,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":30,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":30,"source_links":36},"CVE-2026-24941","wp-job-portal-missing-authorization","WP Job Portal \u003C= 2.4.4 - Missing Authorization","The WP Job Portal – AI-Powered Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.","wp-job-portal",null,"\u003C=2.4.4","2.4.5","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-03 00:00:00","2026-02-09 21:43:39",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb613d4ab-6e96-428b-b853-bda5950a6027?source=api-prod",7,[22,23,24,25,26,27,28],"includes\u002Factivation.php","includes\u002Fcss\u002Fstyle.css","includes\u002Fcss\u002Fwpjobportaladmin_desktop.css","includes\u002Fimages\u002Fpleasewait.gif","includes\u002Fwpjobportal-ai.php","includes\u002Fwpjobportal-hooks.php","modules\u002Factivitylog\u002Fmodel.php","researched",false,3,"# Exploitation Research Plan - CVE-2026-24941 (WP Job Portal \u003C= 2.4.4)\n\n## 1. Vulnerability Summary\nThe **WP Job Portal** plugin (up to version 2.4.4) contains a **Missing Authorization** vulnerability in its user registration handling logic. Specifically, the function `wpjobportal_registration_save` in `includes\u002Fwpjobportal-hooks.php` fails to properly validate authorization and contains flawed nonce verification logic. This allows unauthenticated attackers to assign themselves specific plugin-defined roles (e.g., 'Employer') during registration, which may grant them unauthorized access to recruitment features or data management capabilities.\n\nThe flaw is particularly notable for an inverted nonce check: the logic that updates the user's role *only* executes if the provided nonce is invalid.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** `wp-login.php?action=register` (standard WordPress registration)\n*   **Hook:** `user_register` triggers `wpjobportal_registration_save`.\n*   **Parameters:**\n    *   `jobs_role`: The desired role ID (`1` for Employer, `2` for Job Seeker).\n    *   `wpjobportal_jobs_register_nonce`: Any non-empty string that fails `wp_verify_nonce`.\n*   **Authentication:** Unauthenticated.\n*   **Preconditions:** WordPress user registration must be enabled (`users_can_register` option set to `","gemini-3-flash-preview","2026-04-27 16:43:33","2026-04-27 16:44:37",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","2.4.4","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags\u002F2.4.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-job-portal.2.4.4.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags\u002F2.4.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-job-portal.2.4.5.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags"]