SQL Injection Vulnerability in WP Job Portal Plugin
CVE-2024-11711

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WP Job Portal – A Complete Recruitment System For Company Or Job Board Website
Vendor: CVE Published:; 14 December 2024

Summary

The WP Job Portal plugin for WordPress is susceptible to SQL Injection, specifically through the 'resumeid' parameter. This vulnerability exists in all versions up to and including 2.2.1, primarily due to inadequate escaping of user-supplied input and inadequate preparation of SQL queries. Attackers, even those without authentication, could potentially inject additional SQL queries into existing ones, allowing access to and extraction of sensitive data from the database. Website administrators utilizing this plugin should take immediate action to mitigate the risk associated with this vulnerability.

Affected Version(s)

WP Job Portal – A Complete Recruitment System for Company or Job Board website * <= 2.2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://gist.github.com/g1-nhantv/b388ef3b4ff57c69f719c36...

https://plugins.trac.wordpress.org/changeset/3202327/wp-j...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2024
Vulnerability Reserved
Nov 25, 2024

Credit

Tran Van Nhan