Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.
Published: 2026-03-25
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Immediate Patch
AI Analysis

Impact

Improper handling of user input in the eyecix Addon Jobsearch Chat plugin lets attackers inject arbitrary SQL into queries against the WordPress database. The result is the potential loss of confidential data, unauthorized data alteration, or even disruption of the site, which corresponds to a classic SQL injection flaw (CWE‑89).

Affected Systems

Any WordPress installation running the eyecix Addon Jobsearch Chat plugin with a version from the first release up to and including 3.0 is vulnerable.

Risk and Exploitability

The vulnerability carries a critical CVSS score of 9.3, indicating severe impact. An advisory reports that exploitation is currently unlikely, suggesting a low probability of attack. The description does not specify the authentication requirement: it appears an attacker would need to send crafted requests to the plugin’s web interface, and the text does not say whether this requires an authenticated session or can be done unauthenticated. The CVSS vector recorded in the History section (AV:N/AC:L/PR:N/UI:N) scores the attack as network-reachable with no privileges or user interaction required.

Generated by OpenCVE AI on March 26, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the eyecix Addon Jobsearch Chat plugin to a version newer than 3.0 or apply any known vendor patch.
  • If upgrading is not possible, disable or remove the plugin from the WordPress installation to eliminate the risk.
  • Keep the WordPress core and other plugins updated to reduce overall attack surface.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Eyecix; Eyecix addon Jobsearch Chat; Wordpress; Wordpress wordpress
Vendors & Products | | Eyecix; Eyecix addon Jobsearch Chat; Wordpress; Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.
Title | | WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability
Weaknesses | | CWE-89
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T18:41:46.519Z

Reserved: 2026-02-02T12:53:01.429Z

Link: CVE-2026-25377

Vulnrichment

Updated: 2026-03-26T18:41:33.420Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:16:48.117

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-25377

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:45:53Z

Weaknesses