WordPress Plugin Vulnerabilities

WP Jobs <= 1.4 - Authenticated SQL Injection

Description

The WP Jobs WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-jobs
Fixed in 1.5

References

CVE
CVE-2017-9603
URL
https://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
129555ff-db7d-4373-88a3-42dbd732e205

Timeline

Publicly Published
2017-06-11 (about 6 years ago)
Added
2017-06-14 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2022-08-09
Title
Contest Gallery < 17.0.5 - Author+ SQLi
Published
2018-05-27
Title
wpForo Forum < 1.4.11 - Unauthenticated SQL Injection
Published
2017-01-28
Title
FormBuilder <= 1.0.7 - Multiple Authenticated SQL Injection
Published
2022-07-11
Title
Youzify < 1.2.0 - Unauthenticated SQLi
Published
2021-10-11
Title
Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection