Skip to main content

Wp Job Portal CVE-2023-4490

CRITICAL
2023-09-25 contact@wpscan.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 25, 2023 - 16:15 nvd
CRITICAL 9.8

DescriptionNVD

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

AnalysisAI

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Affected products include: Wpjobportal Wp Job Portal. Version information: before 2.0.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-12395 MEDIUM POC
6.5 Jul 16

SQL injection in WP Job Portal WordPress plugin before 2.5.5 enables authenticated subscriber-level users to exfiltrate

CVE-2024-11715 CRITICAL
9.8 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2024-7950 CRITICAL
9.8 Sep 04

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2026-12396 MEDIUM POC
5.4 Jul 13

Missing authorization in WP Job Portal WordPress plugin before 2.5.5 allows any self-registered subscriber to approve, f

CVE-2026-42684 CRITICAL
9.3 Jun 02

Blind SQL injection in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote unauthentic

CVE-2026-12397 MEDIUM POC
4.3 Jul 13

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email fo

CVE-2024-11711 HIGH
7.5 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2026-42685 HIGH
7.1 Jun 02

Reflected cross-site scripting in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote

CVE-2026-48880 MEDIUM
6.5 Jun 15

Stored Cross-Site Scripting in WP Job Portal WordPress plugin versions up to and including 2.5.2 allows authenticated Su

CVE-2022-41786 MEDIUM
5.4 Jan 17

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CV

CVE-2024-11712 MEDIUM
5.3 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2024-11714 MEDIUM
4.9 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

Share

CVE-2023-4490 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy