Platform
wordpress
Component
click-pledge-wpjobboard
Fixed in
3.10.0
CVE-2025-49455 is a critical SQL Injection vulnerability discovered in the WordPress-WPJobBoard plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions up to 25.07010000-WP6.8.1-JB5.11.5, and a fix is available in version 3.10.0.
The SQL Injection vulnerability in WordPress-WPJobBoard allows an attacker to bypass authentication and authorization mechanisms. By crafting malicious SQL queries, an attacker can extract sensitive data stored in the database, including user credentials, job postings, and financial information. Successful exploitation could lead to complete compromise of the WordPress site and potentially impact connected systems. Because this is a blind SQL injection, the attacker does not see query results directly and must infer data indirectly (for example with time-based techniques, as in other blind SQL injection flaws); this slows extraction but does not reduce the potential impact.
CVE-2025-49455 was publicly disclosed on 2025-06-10. The vulnerability is not currently listed on the CISA KEV catalog, and the EPSS score is pending evaluation. No public proof-of-concept exploits have been released at the time of writing, but the severity of the vulnerability suggests it is a high-priority target for exploitation.
WordPress sites utilizing the WPJobBoard plugin, particularly those running older versions (≤25.07010000-WP6.8.1-JB5.11.5), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
  grep -r "click-pledge-wpjobboard" /var/www/html/wp-content/plugins/
• wordpress / composer / npm:
  wp plugin list | grep -i wpjobboard
• generic web:
  curl -sI https://example.com/wp-content/plugins/click-pledge-wpjobboard/ | head -n 1
  (a 200 or 403 status means the plugin directory is present; 404 means it is not)
• generic web: Check WordPress error logs for SQL syntax errors or unusual database queries related to the plugin.
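The last check above (reviewing WordPress error logs for SQL syntax errors tied to the plugin) can be automated. The following Python script is an added example, not part of this advisory or of the plugin: it parses the `WordPress database error ... for query ... made by ...` lines that WordPress writes to `wp-content/debug.log` when `WP_DEBUG_LOG` is enabled, keeps those whose PHP call chain points at the plugin (matched by the plugin slug, or by a function prefix you supply), and counts them per calling function. The sample log lines, the `cpwjb_` function prefix, the table name and the queries are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample of wp-content/debug.log lines (the format WordPress uses
# when WP_DEBUG_LOG is enabled). Paths, the "cpwjb_" function prefix, table
# names and queries are illustrative, not taken from the real plugin.
SAMPLE_LOG = """\
[10-Jun-2025 09:14:02 UTC] PHP Notice:  Undefined index: foo in /var/www/html/wp-content/themes/demo/functions.php on line 12
[10-Jun-2025 09:14:31 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Reilly%'' at line 1 for query SELECT * FROM wp_wpjb_job WHERE company LIKE '%O'Reilly%' made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), include('/plugins/click-pledge-wpjobboard/templates/search.php'), cpwjb_search_jobs
[10-Jun-2025 09:15:07 UTC] WordPress database error Unknown column 'x' in 'where clause' for query SELECT ID FROM wp_posts WHERE x = 1 made by require('wp-blog-header.php'), include('/plugins/other-plugin/loader.php'), op_lookup
[10-Jun-2025 09:15:44 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 for query SELECT * FROM wp_wpjb_job WHERE id = 12' made by require('wp-blog-header.php'), do_action('wp_ajax_cpwjb_job'), cpwjb_ajax_job
"""

# WordPress formats database errors as:
#   [timestamp] WordPress database error <msg> for query <sql> made by <call chain>
DB_ERROR_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] WordPress database error "
    r"(?P<msg>.*?) for query (?P<query>.*?) made by (?P<stack>.*)$"
)

# MySQL/MariaDB error 1064 wording; unescaped quotes from request data surface here.
SYNTAX_ERROR_MARKER = "error in your sql syntax"


@dataclass
class DbError:
    timestamp: str
    message: str
    query: str
    stack: str

    @property
    def caller(self) -> str:
        # WordPress appends the PHP call chain outermost first, so the last
        # element is the function that issued the query.
        return self.stack.split(", ")[-1].strip()


def parse_db_errors(lines: Iterable[str]) -> List[DbError]:
    """Return every database-error line in the log as a DbError."""
    errors: List[DbError] = []
    for line in lines:
        m = DB_ERROR_RE.match(line.rstrip("\n"))
        if m:
            errors.append(DbError(m["ts"], m["msg"], m["query"], m["stack"]))
    return errors


def from_plugin(err: DbError, slug: str, func_prefix: Optional[str] = None) -> bool:
    """True when the call chain mentions the plugin's directory or its function prefix."""
    stack = err.stack.lower()
    if slug.lower() in stack:
        return True
    return func_prefix is not None and func_prefix.lower() in stack


def suspicious_plugin_errors(lines: Iterable[str], slug: str,
                             func_prefix: Optional[str] = None) -> List[DbError]:
    """Syntax errors raised by queries the plugin issued: the symptom worth triaging."""
    return [
        e for e in parse_db_errors(lines)
        if from_plugin(e, slug, func_prefix) and SYNTAX_ERROR_MARKER in e.message.lower()
    ]


def errors_by_caller(errors: List[DbError]) -> Dict[str, int]:
    """Count flagged errors per issuing function to see which code path is affected."""
    return dict(Counter(e.caller for e in errors))


if __name__ == "__main__":
    hits = suspicious_plugin_errors(SAMPLE_LOG.splitlines(), "click-pledge-wpjobboard", "cpwjb_")
    for e in hits:
        print(f"{e.timestamp}  {e.caller}: {e.query}")
    print(errors_by_caller(hits))
```

On a live site, replace `SAMPLE_LOG.splitlines()` with the lines of `wp-content/debug.log`. A burst of syntax errors from one plugin function is not proof of an attack (a legitimate apostrophe in input produces the same line, as the sample shows), but it does pinpoint the query that is not using prepared statements and is the place to look first.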
Disclosure
Exploit status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-49455 is to immediately upgrade WordPress-WPJobBoard to version 3.10.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider deploying a Web Application Firewall (WAF) with rules that filter potentially malicious SQL queries aimed at the vulnerable endpoints. Input validation and sanitization of user-supplied data are also crucial preventative measures. Monitor WordPress logs for suspicious SQL queries or database activity. After upgrading, confirm the fix by re-testing the previously vulnerable endpoint and verifying that injected SQL is rejected.
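The defect class behind the mitigation paragraph, and its fix, as an added example that is neither the plugin's code nor part of this advisory: a query that splices request data into SQL text beside one that binds the value as a parameter. It also goes one step beyond the paragraph to cover a sort column taken from the request, which parameterization cannot protect and which needs an allowlist instead. Python with sqlite3 is used so it runs offline; the table, rows and function names are constructed. In WordPress PHP the equivalent is `$wpdb->prepare()` with `%s`/`%d` placeholders for values and the same allowlist approach for identifiers.

```python
import sqlite3
from typing import Dict, List


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a job board's jobs table (illustrative schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, company TEXT, created TEXT)"
    )
    conn.executemany(
        "INSERT INTO jobs (title, company, created) VALUES (?, ?, ?)",
        [
            ("Backend Engineer", "O'Reilly Media", "2025-06-01"),
            ("SOC Analyst", "Acme Corp", "2025-06-03"),
            ("Pentester", "Acme Corp", "2025-06-05"),
        ],
    )
    return conn


def search_jobs_unsafe(conn: sqlite3.Connection, company: str) -> List[str]:
    # Anti-pattern: request data spliced into the SQL text. A legitimate value
    # containing an apostrophe already breaks the statement; that same lack of
    # separation between code and data is what an injection exploits.
    sql = "SELECT title FROM jobs WHERE company = '" + company + "' ORDER BY created"
    return [row[0] for row in conn.execute(sql)]


# Identifiers (column names) cannot be bound as parameters, so a sort key that
# comes from the request is checked against a fixed allowlist instead.
ALLOWED_SORT_COLUMNS = {"title", "created"}


def search_jobs_safe(conn: sqlite3.Connection, company: str,
                     sort_by: str = "created") -> List[str]:
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    # The value travels as a bound parameter; the driver never parses it as SQL.
    sql = f"SELECT title FROM jobs WHERE company = ? ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql, (company,))]


def demo() -> Dict[str, object]:
    """Run both variants on the same inputs and collect what each one does."""
    conn = make_db()
    out: Dict[str, object] = {}
    try:
        out["unsafe"] = search_jobs_unsafe(conn, "O'Reilly Media")
    except sqlite3.OperationalError as exc:
        # The concatenated statement is syntactically broken by the apostrophe.
        out["unsafe"] = f"error: {exc}"
    out["safe"] = search_jobs_safe(conn, "O'Reilly Media")
    try:
        out["bad_sort"] = search_jobs_safe(conn, "Acme Corp", "salary")
    except ValueError:
        out["bad_sort"] = "rejected"
    out["sorted_by_title"] = search_jobs_safe(conn, "Acme Corp", "title")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe variant fails on ordinary input, which is also how such defects show up in the database error log described above; the safe variant returns the matching row and refuses a sort column it does not know.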
Update the WordPress-WPJobBoard plugin to a fixed version to mitigate the blind SQL injection vulnerability. Consult the plugin's release notes or the developer's website for specific update instructions.
CVE-2025-49455 is a critical SQL Injection vulnerability affecting WordPress-WPJobBoard versions up to 25.07010000-WP6.8.1-JB5.11.5, allowing attackers to potentially extract sensitive data.
If you are using WordPress-WPJobBoard version 25.07010000-WP6.8.1 or earlier, you are potentially affected by this vulnerability.
Upgrade WordPress-WPJobBoard to version 3.10.0 or later to remediate the SQL Injection vulnerability.
While no public exploits are currently known, the vulnerability's severity suggests it is a high-priority target for exploitation.
Refer to the WordPress-WPJobBoard plugin's official website or the WordPress plugin repository for the latest advisory and update information.