WP Job Portal Plugin Arbitrary File Deletion Vulnerability (CVE-2026-4758)
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation, allowing authenticated attackers with subscriber-level access or higher to delete arbitrary files, potentially leading to remote code execution.
The WP Job Portal plugin for WordPress versions up to and including 2.4.9 is susceptible to an arbitrary file deletion vulnerability (CVE-2026-4758). The vulnerability stems from insufficient file path validation within the WPJOBPORTALcustomfields::removeFileCustom function. Authenticated attackers with Subscriber-level access or higher can exploit this flaw to delete arbitrary files on the server. Successful exploitation allows attackers to delete critical files such as wp-config.php…
Detection coverage (2)
Detect WP Job Portal Arbitrary File Deletion Attempt
Severity: critical. Detects attempts to exploit CVE-2026-4758 by monitoring for suspicious requests to the 'removeFileCustom' function in the WP Job Portal plugin.
Detect wp-config.php Deletion via Web Server Logs
Severity: critical. Detects attempts to delete the wp-config.php file by monitoring for corresponding web server log entries.
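A sketch of the two log checks described above, written as an added example and not taken from the platform's rules or the plugin. It assumes Combined Log Format access logs; the sample lines are constructed, and the endpoint and parameter names in them (`/HYPOTHETICAL-ENDPOINT`, `x_task`, `x_file`) are hypothetical placeholders, not the plugin's real request shape.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def normalise(target, rounds=3):
    """Percent-decode repeatedly so double-encoded input still matches."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def classify(line):
    """Return a finding dict for a suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, user, method, target, status = m.groups()
    t = normalise(target)
    rules = []
    if "removefilecustom" in t:   # rule 1: request naming the vulnerable function
        rules.append("removeFileCustom request")
    if "wp-config.php" in t:      # rule 2: request naming the critical file
        rules.append("wp-config.php referenced")
    if not rules:
        return None
    return {"ip": ip, "method": method, "status": int(status),
            "rules": rules, "traversal": "../" in t}

# Constructed sample lines; endpoint and parameter names are hypothetical.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /jobs/?page=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "POST /HYPOTHETICAL-ENDPOINT'
    '?x_task=removeFileCustom&x_file=..%252F..%252Fwp-config.php HTTP/1.1" 200 17',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "POST /HYPOTHETICAL-ENDPOINT'
    '?x_file=WP-CONFIG.PHP HTTP/1.1" 403 0',
]

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs record only the request line, so a function name or file path sent in a POST body will not appear here; covering that case needs WAF or application-level request logging.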