PT-2018-17092 · WordPress · Wpjobboard

Published

2018-01-14

Updated

2018-02-01

CVE-2018-5695

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WpJobBoard plugin version 4.4.4

Description: The issue allows SQL injection via the order or sort parameter to the "wpjb-job" or "wpjb-alerts" module, with a request to "wp-admin/admin.php".

Recommendations: For WpJobBoard plugin version 4.4.4, consider restricting access to the "wpjb-job" and "wpjb-alerts" modules until a patch is available. Avoid using the order and sort parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-5695

Affected Products

Wpjobboard

PT-2018-17092 · WordPress · Wpjobboard

CVE-2018-5695

Weakness Enumeration

Related Identifiers

Affected Products

References · 3