Cyber Resilience

CVE-2025-26935

High

Published: 25 February 2025

Published
25 February 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 41.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26935 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Wpjobportal Wp Job Portal. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-26935 is a path traversal vulnerability in the WP Job Portal plugin (wp-job-portal) for WordPress, specifically exploiting the '.../...//' sequence to enable PHP local file inclusion (LFI). This flaw affects all versions of the plugin up to and including 2.2.8, with no lower bound specified. Mapped to CWE-35 (Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact despite elevated exploitation complexity.

The vulnerability can be exploited remotely over the network by an attacker with low privileges, such as an authenticated user with subscriber-level access or equivalent. Exploitation requires high attack complexity, likely due to specific input conditions or plugin states, but needs no user interaction from victims. Successful attacks enable high-impact confidentiality, integrity, and availability violations through LFI, potentially allowing arbitrary local file reads or PHP code execution if sensitive files like configuration or web shells are targeted.

For mitigation details, refer to the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve, which documents the issue and likely recommends updating to a patched version beyond 2.2.8 or applying available defenses.

EU & UK References

Vulnerability details

Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Path traversal leading to LFI in a public-facing WordPress plugin directly maps to exploiting internet-facing applications (T1190); the requirement for low-privileged auth (subscriber) combined with high CIA impact enables privilege escalation via software vulnerability exploitation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-41736Shared CWE-22, CWE-35
CVE-2025-22786Shared CWE-22, CWE-35
CVE-2025-62630Shared CWE-22
CVE-2025-60786Shared CWE-22
CVE-2025-27590Shared CWE-22
CVE-2025-12422Shared CWE-22
CVE-2026-42520Shared CWE-22
CVE-2026-32727Shared CWE-22
CVE-2026-40258Shared CWE-22
CVE-2025-41757Shared CWE-22

Affected Assets

wpjobportal
wp job portal
≤ 2.2.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely patching and updating of the vulnerable WP Job Portal plugin versions <=2.2.8 to eliminate the path traversal flaw.

prevent

Prevents exploitation of the path traversal vulnerability by enforcing validation of file path inputs to block sequences like '.../...//' that enable PHP LFI.

detect

Identifies the path traversal vulnerability in the WP Job Portal plugin through regular vulnerability scanning, enabling proactive detection and response.

References