CVE-2026-4758 - WP Job Portal - Arbitrary File Deletion

Overview

WP Job Portal WordPress plugin <= 2.4.9 contains an arbitrary file deletion vulnerability caused by insufficient file path validation in WPJOBPORTALcustomfields::removeFileCustom, letting authenticated attackers with Subscriber-level access delete arbitrary files, exploit requires authenticated Subscriber-level access or higher.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can delete arbitrary files, potentially leading to remote code execution and full server compromise.

Mitigation

Update to the latest version beyond 2.4.9.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 26, 2026

🟠 CVE-2026-4758 - High (8.8) The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possibl... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4758/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 26, 2026

🟠 CVE-2026-4758 - High (8.8) The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possibl... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4758/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-4758 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score