Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.
AnalysisAI
A SQL injection vulnerability exists in the eyecix Addon Jobsearch Chat plugin for WordPress, affecting all versions through 3.0, that allows attackers to execute arbitrary SQL commands against the underlying database. The vulnerability stems from improper neutralization of special SQL characters in user-supplied input, classified under CWE-89 (SQL Injection). While no CVSS score or EPSS metric is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD tracking ID EUVD-2026-15695, indicating active awareness in vulnerability tracking systems.
Technical ContextAI
The Addon Jobsearch Chat plugin (CPE: cpe:2.3:a:eyecix:addon_jobsearch_chat:*:*:*:*:*:*:*:*) is a WordPress plugin that provides job search and chat functionality. The vulnerability is rooted in CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), which occurs when user-controlled input is concatenated directly into SQL queries without proper parameterization or escaping. This is a classic SQL injection flaw where an attacker can manipulate SQL syntax by injecting malicious characters or SQL fragments through input fields, potentially allowing them to extract, modify, or delete database records. The plugin appears to interact with WordPress database APIs but fails to use prepared statements or parameterized queries to safely handle user input.
RemediationAI
The primary remediation is to upgrade the Addon Jobsearch Chat plugin to a version later than 3.0 if a patched version is available from eyecix; consult the vendor's release notes and the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve) to confirm availability and installation instructions. If no patch is currently available, immediately disable and deactivate the plugin to prevent exploitation. As a temporary workaround, restrict access to the plugin's functionality using a Web Application Firewall (WAF) with SQL injection detection rules, limit database user permissions to read-only or minimal required access, and monitor database logs for suspicious query patterns. Ensure all WordPress installations, plugins, and themes are kept current, and implement database query logging to detect any exploitation attempts.
More in Addon Jobsearch Chat
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15695
GHSA-xr7x-cpgh-xg5x