CVE-2026-4758 is a path traversal vulnerability (CWE-22, CVSS 8.8) in WP Job Portal for WordPress affecting all versions through 2.4.9, enabling any authenticated Subscriber-level user to delete arbitrary server files including wp-config.php, with a viable path to full site compromise via RCE. Organizations running WordPress with this plugin and open user registration enabled are at elevated risk and should patch to the version released after 2.4.9 immediately or disable user registration as an interim measure. EPSS is low (48th percentile) with no confirmed active exploitation or CISA KEV listing at report date.