- Published on
-
Dec 14, 2024
- Research Description
-
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
Min -, max 2.2.3.
| Previous vulnerability researches |
|
WP Job Portal – A Complete Job Board
(CVE-2024-11711)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35759)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35760)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11714)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11710)
, Dec 15, 2024
|
| New vulnerability |
|
SKT Page Builder
(CVE-2024-12848)
, Jan 10, 2025
|
|
Deliver via Shipos for WooCommerce
(CVE-2024-12222)
, Jan 10, 2025
|
|
SEMA API
(CVE-2024-12285)
, Jan 10, 2025
|
|
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination
(CVE-2024-11642)
, Jan 10, 2025
|
|
Yumpu ePaper publishing
(CVE-2024-12621)
, Jan 10, 2025
|