Platform
wordpress
Component
addon-jobsearch-chat
Fixed in
3.0.1
CVE-2026-25377 describes a SQL Injection vulnerability discovered in the eyecix Addon Jobsearch Chat WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data stored within the database. The vulnerability impacts versions from 0.0.0 through 3.0, and a patch is available in version 3.1.
Successful exploitation of this SQL Injection vulnerability could grant an attacker complete control over the WordPress database. This could lead to the exfiltration of sensitive user data, including usernames, passwords, email addresses, and personally identifiable information (PII). Attackers could also modify or delete data, disrupt website functionality, or even gain remote code execution on the server if database credentials are used to access other systems. The potential blast radius is significant, as a compromised WordPress site can serve as a launchpad for further attacks against the broader network.
CVE-2026-25377 was publicly disclosed on March 25, 2026. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of SQL Injection exploitation suggests that it is likely to become a target for automated attacks. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Websites running the Addon Jobsearch Chat plugin, particularly those on older, unpatched versions (0.0.0–3.0), are at significant risk. Shared hosting environments are especially exposed, since a compromise of one site can affect others on the same server. Sites with overly permissive database user privileges or inadequate input validation are also at increased risk.
• wordpress / composer / npm:
  grep -r "SELECT.*FROM" /var/www/html/wp-content/plugins/addon-jobsearch-chat/
• generic web:
  curl -I https://example.com/addon-jobsearch-chat/ | grep SQL
• wordpress / composer / npm:
  wp plugin list --status=inactive | grep addon-jobsearch-chat
Disclosure
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-25377 is to immediately upgrade the Addon Jobsearch Chat plugin to version 3.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts. Specifically, look for patterns involving single quotes, double quotes, semicolons, and SQL keywords in user-supplied input. Additionally, review database user permissions to ensure they adhere to the principle of least privilege, limiting the potential damage from a successful attack. After upgrading, confirm the fix by attempting a SQL injection payload through the plugin's input fields and verifying that it is properly sanitized.
Update to version 3.1, or a newer patched version
CVE-2026-25377 is a critical SQL Injection vulnerability affecting the Addon Jobsearch Chat WordPress plugin, allowing attackers to inject malicious SQL code and potentially gain unauthorized access to the database.
You are affected if you are using Addon Jobsearch Chat versions 0.0.0 through 3.0. Check your plugin version and upgrade immediately if necessary.
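The check above (read the installed plugin version, decide whether it sits inside the 0.0.0 through 3.0 affected range) is easy to get wrong when versions are compared as strings ("3.10" sorts before "3.9"). The following is an added example, not code from this advisory or from the plugin vendor: it reads the standard WordPress `Version:` plugin-header field, compares versions numerically, and classifies the result against the bounds stated on this page. The header text and the plugin file path are constructed/assumed for illustration; this page gives both 3.1 (in the text) and 3.0.1 (in the record header) as the fix version, so versions between 3.0 and 3.1 are reported as needing vendor confirmation rather than silently marked fixed.

```python
"""Added example: classify an installed WordPress plugin version against the
affected range stated in the CVE-2026-25377 advisory text."""
import re
from pathlib import Path
from typing import Optional, Tuple

# Bounds exactly as stated in the advisory prose.
AFFECTED_MAX = "3.0"   # "versions from 0.0.0 through 3.0"
FIXED_IN = "3.1"       # "a patch is available in version 3.1"

# Constructed sample of a WordPress plugin main-file header (not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Addon Jobsearch Chat
 * Version: 2.9.4
 */
"""

# Assumed location of the plugin's main file; the real filename may differ.
ASSUMED_PLUGIN_FILE = Path(
    "/var/www/html/wp-content/plugins/addon-jobsearch-chat/addon-jobsearch-chat.php"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "3.10" into (3, 10) so numeric comparison works; non-numeric
    suffixes such as "3.1-beta" are truncated to their leading digits."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 like a classic comparator, padding short tuples with
    zeros so that "3.0" and "3.0.0" compare equal."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def header_version(source: str) -> Optional[str]:
    """Extract the value of the "Version:" field from a plugin header comment,
    the same field WordPress itself reads to display the plugin version."""
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", source, re.MULTILINE)
    return match.group(1) if match else None


def classify(version: str) -> str:
    """Map a version onto the advisory's stated ranges."""
    if compare(version, AFFECTED_MAX) <= 0:
        return "affected"        # inside 0.0.0 .. 3.0
    if compare(version, FIXED_IN) >= 0:
        return "fixed"           # 3.1 or later
    return "unverified"          # e.g. 3.0.1: above the affected range but below the stated fix


def classify_plugin_file(path: Path) -> str:
    """Read a plugin main file from disk and classify it; a missing or
    header-less file is reported rather than treated as safe."""
    if not path.is_file():
        return "not-installed"
    version = header_version(path.read_text(errors="replace"))
    return classify(version) if version else "no-version-header"


if __name__ == "__main__":
    # Stand-alone run over the constructed header, then over the assumed path.
    sample = header_version(SAMPLE_HEADER)
    print(f"sample header version {sample}: {classify(sample)}")
    print(f"{ASSUMED_PLUGIN_FILE}: {classify_plugin_file(ASSUMED_PLUGIN_FILE)}")
```

A result of "affected" means upgrade; "unverified" means confirm with the vendor's own changelog which release carries the fix before treating the site as patched. The same comparator can be reused for any plugin by changing the two bound constants.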
Upgrade the Addon Jobsearch Chat plugin to version 3.1 or later. If upgrading is not possible, implement a WAF rule to filter SQL injection attempts.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the eyecix website and WordPress plugin repository for the latest advisory and update information regarding CVE-2026-25377.