WP Job Portal < 2.0.6 - Unauthenticated SQLi
CVE-2023-4490

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: WP Job Portal
Vendor: CVE Published:; 25 September 2023

Summary

The WP Job Portal plugin for WordPress prior to version 2.0.6 has a serious security flaw that allows unauthenticated users to perform SQL injection attacks. This vulnerability arises due to failure to properly sanitize and escape a user-controlled parameter that is used in a SQL statement. As a result, attackers can potentially manipulate database queries, leading to unauthorized data access and exploitation of the web application.

Affected Version(s)

WP Job Portal 0 < 2.0.6

References

https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2023
Vulnerability Reserved
Aug 23, 2023

Credit

Pablo Sanchez

WPScan