Platform: wordpress
Component: js-jobs
Fixed in: 2.0.3
CVE-2025-32626 identifies a SQL Injection vulnerability within the JS Job Manager component. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the underlying system. The vulnerability impacts versions 0.0.0 through 2.0.2 of JS Job Manager, and a fix is available in version 2.0.3.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms, read, modify, or delete data stored in the database. Depending on the database schema and privileges, an attacker might be able to escalate their access to the entire WordPress installation, potentially gaining control of the web server. The impact is particularly severe as SQL Injection vulnerabilities are often easy to exploit and can lead to complete data compromise. This vulnerability shares characteristics with other SQL Injection attacks, where crafted input strings are used to manipulate database queries.
CVE-2025-32626 was publicly disclosed on 2025-04-17. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. Currently, there are no publicly available proof-of-concept exploits, but the ease of SQL Injection exploitation suggests that one may emerge. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
WordPress websites utilizing the JS Job Manager plugin, particularly those running versions 0.0.0 through 2.0.2, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially affect others.
• wordpress / composer / npm: grep -r "js-jobs" /var/www/html/wp-content/plugins/
• wordpress / composer / npm: wp plugin list | grep js-jobs
• generic web: Check for unusual database activity in WordPress error logs, specifically looking for SQL errors or unexpected query patterns.
• generic web: Review WordPress access logs for suspicious requests targeting JS Job Manager endpoints.
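The inventory commands above only tell you that js-jobs is present, not whether the installed release is inside the affected range. The script below is an added example written for this page (it is not from the advisory or the plugin): it reads the plugin's WordPress "Version:" header and compares it component by component against 2.0.3, so an install at 2.0.2 is reported as affected and one at 2.0.3 or later as fixed. The plugins-root path, the js-jobs directory name and the presence of a standard Version: header are assumptions; the plugin tree it builds for the demonstration is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the advisory or the plugin: offline check of an
# installed js-jobs plugin version against the fixed release from the advisory.
# Assumptions: the plugin lives in <plugins-root>/js-jobs and its main file
# carries a standard WordPress "Version:" header (both are assumed here).

FIXED_VERSION="2.0.3"   # first fixed release, taken from the advisory

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Components are compared as integers, so 2.0.10 sorts above 2.0.3.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# is_affected VERSION: exit 0 when VERSION is below the fixed release,
# i.e. inside the advisory's 0.0.0 through 2.0.2 range.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# plugin_version FILE: print the value of the "Version:" header line of a
# WordPress plugin main file (accepts both "Version:" and " * Version:").
plugin_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# check_plugin_dir PLUGINS_ROOT: locate js-jobs under the plugins root, read
# its version and print one of AFFECTED <v> / FIXED <v> / NOT_INSTALLED / UNKNOWN.
check_plugin_dir() {
    dir="$1/js-jobs"
    [ -d "$dir" ] || { echo "NOT_INSTALLED"; return 0; }
    ver=""
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        ver=$(plugin_version "$f")
        [ -n "$ver" ] && break
    done
    if [ -z "$ver" ]; then
        echo "UNKNOWN"
    elif is_affected "$ver"; then
        echo "AFFECTED $ver"
    else
        echo "FIXED $ver"
    fi
}

# Demonstration on a constructed plugin tree (sample data, not a real install).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/js-jobs"
cat > "$demo_root/js-jobs/js-jobs.php" <<'EOF'
<?php
/*
Plugin Name: JS Job Manager
Version: 2.0.2
*/
EOF
check_plugin_dir "$demo_root"      # prints: AFFECTED 2.0.2
rm -rf "$demo_root"
```

Point check_plugin_dir at the real plugins directory (for example /var/www/html/wp-content/plugins) to check a live install; the numeric comparison is deliberate, since a plain string comparison would misorder a future 2.0.10 against 2.0.3.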
EPSS: 0.24% (47th percentile)
The primary mitigation for CVE-2025-32626 is to immediately upgrade JS Job Manager to version 2.0.3 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to filter out potentially malicious SQL injection attempts. Input validation and sanitization on all user-supplied data are crucial preventative measures. Review and restrict database user privileges to minimize the potential damage from a successful attack. After upgrading, confirm the fix by attempting a SQL injection attack through the affected endpoints and verifying that the input is properly sanitized.
Update the JS Job Manager plugin to version 2.0.3 or later to mitigate the SQL injection vulnerability. Verify that all user input is properly sanitized and escaped to prevent future attacks. Consider implementing a web application firewall (WAF) for an additional layer of protection.
CVE-2025-32626 is a critical SQL Injection vulnerability affecting JS Job Manager versions 0.0.0 through 2.0.2, allowing attackers to inject malicious SQL code.
You are affected if your WordPress site uses JS Job Manager version 0.0.0 to 2.0.2. Check your plugin versions immediately.
Upgrade JS Job Manager to version 2.0.3 or later to resolve the vulnerability. Consider WAF rules as an interim measure.
While no public exploits are currently available, the high CVSS score and ease of SQL Injection suggest potential for exploitation. Monitor for updates.
Refer to the official JS Job Manager website or WordPress plugin repository for the latest security advisory and updates.