Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through <= 2.3.2.
Published: 2025-06-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WP Job Portal plugin contains an SQL Injection weakness that allows an attacker to insert crafted input that is not properly neutralized into SQL statements. This blind injection can reveal or modify data within the WordPress database, potentially exposing user credentials, job listings, and other sensitive information. The flaw is classified as CWE‑89 and the exposed data could lead to loss of confidentiality, integrity, or availability depending on what is accessed or altered.

Affected Systems

WordPress installations running the WP Job Portal plugin by wpjobportal are affected when the plugin version is 2.3.2 or older. All releases from the earliest available to and including 2.3.2 contain the vulnerability. The plugin is packaged as a WordPress extension and its CPE identifier is cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*.

Risk and Exploitability

The CVSS score of 9.3 places this issue in the critical severity range. The EPSS score indicates that current exploitation probability is low (<1%), and the vulnerability is not in the CISA KEV catalog. Because the flaw is a blind SQL injection, an attacker would need to send specially crafted requests to the plugin’s HTTP endpoints and analyze time‑based or error responses to infer data. Although no active exploitation is reported, the high potential impact and the lack of access restrictions make it prudent to apply a fix or mitigate the vulnerability as soon as possible.

Generated by OpenCVE AI on April 30, 2026 at 11:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WP Job Portal plugin to the latest version that fixes the injection flaw (version 2.3.3 or newer).
  • If an immediate update is not feasible, disable the plugin until a patched release is available or restrict access to the plugin’s public URLs by IP whitelisting or firewall rules.
  • Conduct a review of the WordPress site’s input handling and ensure that all database queries use parameterized statements; apply this best practice to any custom code that interacts with the job portal plugin.

Advisories
Source: EUVD
ID: EUVD-2025-18535
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects WP Job Portal: from n/a through <= 2.3.2.

Type: Title
Values Removed: WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability
Values Added: WordPress WP Job Portal plugin <= 2.3.2 - SQL Injection Vulnerability

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Tue, 08 Jul 2025 13:30:00 +0000

Type: First Time appeared
Values Added: Wpjobportal, Wpjobportal wp Job Portal

Type: CPEs
Values Added: cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Wpjobportal, Wpjobportal wp Job Portal

Tue, 17 Jun 2025 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Jun 2025 15:15:00 +0000

Type: Description
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.

Type: Title
Values Added: WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability

Type: Weaknesses
Values Added: CWE-89

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:54.800Z

Reserved: 2025-05-19T14:13:24.501Z

Link: CVE-2025-48274

Vulnrichment

Updated: 2025-06-17T18:32:00.675Z

NVD

Status: Modified

Published: 2025-06-17T15:15:44.700

Modified: 2026-04-23T15:31:00.647

Link: CVE-2025-48274

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T11:30:06Z

Weaknesses