CVE-2025-1310
📋 TL;DR
The Jobs for WordPress plugin contains a directory traversal vulnerability that allows authenticated users with Subscriber-level access or higher to read arbitrary files on the server. This can expose sensitive information like configuration files, credentials, or other private data. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Jobs for WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials, SSH keys, or other sensitive system files leading to complete server compromise and data exfiltration.
Likely Case
Attackers read WordPress configuration files (wp-config.php) containing database credentials, potentially leading to database access and site takeover.
If Mitigated
Attackers can only read non-sensitive files due to proper file permissions and directory restrictions.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated. Public proof-of-concept code is available in the references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.12 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257145%40job-postings&new=3257145%40job-postings&sfp_email=&sfph_mail=
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Jobs for WordPress' and click 'Update Now'. 4. Verify version is 2.7.12 or higher.
🔧 Temporary Workarounds
Disable vulnerable endpoint via .htaccess
allBlock access to the vulnerable file retrieval endpoint
# Add to .htaccess in WordPress root directory
<Files "class-job-get-uploaded-file.php">
Order Allow,Deny
Deny from all
</Files>
Remove plugin temporarily
allDeactivate and delete the plugin until patched
# Via WordPress admin: Plugins → Installed Plugins → Deactivate → Delete
🧯 If You Can't Patch
- Restrict user registration and review existing Subscriber accounts for suspicious activity
- Implement web application firewall rules to block directory traversal patterns in requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Jobs for WordPress' version 2.7.11 or lowerCheck Version:
wp plugin list --name="Jobs for WordPress" --field=versionVerify Fix Applied:
Verify plugin version is 2.7.12 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'job_postings_get_file' parameter with '../' sequences
- Multiple file read attempts from single user session
Network Indicators:
- Unusual file read patterns from authenticated users
- Requests to plugin endpoints with path traversal payloads
SIEM Query:
source="web_logs" AND uri="*class-job-get-uploaded-file.php*" AND (param="*../*" OR param="*..\\*" OR param="*%2e%2e%2f*")🔗 References
- https://plugins.trac.wordpress.org/browser/job-postings/tags/2.7.11/include/class-job-get-uploaded-file.php#L91
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257145%40job-postings&new=3257145%40job-postings&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/408312d3-9a9e-4b6b-9991-aee6b77745b2?source=cve
