WordPress Plugin Vulnerabilities

WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter

Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level (self-registerable) account to perform SQL injection attacks.

Proof of Concept

Affects Plugins

Fixed in 2.5.5

References

Classification

Type
SQLI
OWASP top 10
CWE
CVSS

Miscellaneous

Original Researcher
Meher Sudhakar Abbireddi
Submitter
Meher Sudhakar Abbireddi
Verified
Yes

Timeline

Publicly Published
2026-06-25 (about 21 days ago)
Added
2026-06-25 (about 20 days ago)
Last Updated
2026-07-10 (about 5 days ago)

Other