CVE-2025-48274

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*

History

08 Jul 2025, 13:12

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en wpjobportal WP Job Portal permite la inyección SQL ciega. Este problema afecta a WP Job Portal desde n/d hasta la versión 2.3.2.
CPE		cpe:2.3:a:wpjobportal:wp_job_portal::::::wordpress::*
References	~~() https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve - Third Party Advisory
First Time		Wpjobportal wp Job Portal Wpjobportal

17 Jun 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 15:15

Updated : 2025-07-08 13:12

NVD link : CVE-2025-48274

Mitre link : CVE-2025-48274

CVE.ORG link : CVE-2025-48274

JSON object : View

Products Affected

wpjobportal

wp_job_portal

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.3 /10