PT-2026-27253 · WordPress · Wp Job Portal

Leonid Semenenko

Publicado

2026-03-23

Atualizado

2026-03-24

CVE-2026-4306

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WP Job Portal plugin for WordPress versions prior to 2.4.9

Description The WP Job Portal plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and insufficient SQL query preparation. Specifically, the radius parameter is not properly escaped, allowing unauthenticated attackers to inject additional SQL queries into existing database queries. This could enable attackers to extract sensitive information from the database.

Recommendations Update the WP Job Portal plugin to version 2.4.9 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-4306

Produtos afetados

Wp Job Portal

PT-2026-27253 · WordPress · Wp Job Portal

CVE-2026-4306

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6