Platform: wordpress
Component: click-pledge-wpjobboard
Fixed in: 3.10.0
CVE-2025-49455 is a critical SQL injection vulnerability in the WordPress-WPJobBoard plugin. It allows an attacker to inject SQL into a database query, potentially leading to unauthorized access to, and manipulation of, stored data. Versions up to 25.07010000-WP6.8.1-JB5.11.5 are affected; a fix is available in version 3.10.0.
The SQL injection in WordPress-WPJobBoard allows an attacker to bypass authentication and authorization checks. By crafting malicious SQL, an attacker can extract sensitive data stored in the database, including user credentials, job postings and financial information. Successful exploitation could lead to complete compromise of the WordPress site and potentially affect connected systems. Because this is a blind SQL injection, the attacker does not see query results directly and, as with other blind injection flaws, must rely on inference techniques such as time-based injection to recover data; this makes exploitation slower but does not diminish the potential impact.
CVE-2025-49455 was publicly disclosed on 2025-06-10. The vulnerability is not currently listed on the CISA KEV catalog, and the EPSS score is pending evaluation. No public proof-of-concept exploits have been released at the time of writing, but the severity of the vulnerability suggests it is a high-priority target for exploitation.
Exploit Status
EPSS: 0.14% (34th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-49455 is to upgrade WordPress-WPJobBoard to version 3.10.0 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider a Web Application Firewall (WAF) with rules that filter SQL injection payloads aimed at the vulnerable endpoints; a WAF reduces exposure but does not remove the underlying flaw. Validating and sanitizing user-supplied input are also essential preventive measures. Monitor WordPress and database logs for suspicious queries or unusual database activity. After upgrading, confirm the fix by re-testing the previously vulnerable endpoint and verifying that the injection attempt is rejected.
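The log-monitoring advice above, as an added example that is not part of this advisory or of the plugin: a small Python scanner that decodes query strings from constructed access-log lines and flags the time-based and boolean-based blind SQL injection markers the advisory mentions, counting hits per source IP so a threshold can drive an alert. The `/jobs/` path and the `keyword` parameter are placeholders, not the plugin's real endpoint.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
# The /jobs/ path and "keyword" parameter are placeholders for the plugin's endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2025:12:00:01 +0000] "GET /jobs/?keyword=developer HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:12:00:02 +0000] "GET /jobs/?keyword=developer%27+AND+SLEEP%285%29--+- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:12:00:09 +0000] "GET /jobs/?keyword=developer%27+AND+1%3D1--+- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2025:12:00:10 +0000] "GET /jobs/?keyword=rust+and+go HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Source IP, method and request target from a combined-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

# Coarse indicators for the two blind-SQLi styles; they are applied to the
# URL-decoded parameter values, since raw log lines keep the %-encoding.
INDICATORS = {
    "time-based": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "boolean-based": re.compile(r"['\"]\s*(?:or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),
}


def scan_line(line):
    """Return (ip, param, category) for each decoded query value matching an indicator."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparseable line: skip rather than guess
    query = urlsplit(m.group("target")).query
    hits = []
    for param, value in parse_qsl(query, keep_blank_values=True):
        for category, pattern in INDICATORS.items():
            if pattern.search(value):
                hits.append((m.group("ip"), param, category))
    return hits


def scan_log(text):
    """Scan a whole log; returns (all hits, number of hits per source IP)."""
    hits = [h for line in text.splitlines() if line.strip() for h in scan_line(line)]
    return hits, Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    found, per_ip = scan_log(SAMPLE_LOG)
    for ip, param, category in found:
        print(f"{ip}: {category} indicator in parameter '{param}'")
    print("hits per source IP:", dict(per_ip))
```

The patterns are deliberately narrow (a plain "rust and go" search is not flagged) and will miss obfuscated payloads, so treat matches as a trigger for investigation, not as a substitute for patching.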
Update the WordPress-WPJobBoard plugin to a patched version to mitigate the blind SQL injection vulnerability. Refer to the plugin's release notes or the developer's website for specific upgrade instructions.
CVE-2025-49455 is a critical SQL Injection vulnerability affecting WordPress-WPJobBoard versions up to 25.07010000-WP6.8.1-JB5.11.5, allowing attackers to potentially extract sensitive data.
If you are using WordPress-WPJobBoard version 25.07010000-WP6.8.1 or earlier, you are potentially affected by this vulnerability.
Upgrade WordPress-WPJobBoard to version 3.10.0 or later to remediate the SQL Injection vulnerability.
While no public exploits are currently known, the vulnerability's severity suggests it is a high-priority target for exploitation.
Refer to the WordPress-WPJobBoard plugin's official website or the WordPress plugin repository for the latest advisory and update information.