PT-2024-17200 · WordPress · Wp Job Portal

Thevietronin · Published 2024-12-14 · Updated 2024-12-18 · CVE-2024-11710

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin for WordPress, versions prior to 2.2.3

Description: The WP Job Portal plugin for WordPress is vulnerable to SQL injection via the fieldfor, visibleParent and id parameters. User-supplied values are not sufficiently escaped, and the existing SQL queries are built from the raw values rather than prepared with bound parameters. An authenticated attacker with Administrator-level access or above can append additional SQL to the existing queries and use it to extract sensitive information from the database.

Recommendations: Update to version 2.2.3 or later. Until the update can be applied, restrict access to the plugin endpoints that consume the fieldfor, visibleParent and id parameters (for example with a web application firewall rule), keeping in mind that this is a stopgap and not a fix. Because exploitation requires Administrator-level privileges, keep the number of accounts holding that role to the minimum needed, and treat unexpected requests from such accounts that carry these parameters as suspicious.
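The following is an added illustration of the vulnerability class named in this advisory (a WordPress query built by concatenating request parameters) beside the hardened form using placeholders, together with the capability and nonce checks an Administrator-only handler should carry. It is not WP Job Portal's code: the table name, the function names, the DemoDb stand-in for WordPress's $wpdb and the request payload are all assumptions constructed for this example.

```php
<?php
// Added example for CVE-2024-11710's weakness class; not code from the WP Job
// Portal plugin. Table and function names are hypothetical.

/**
 * Minimal stand-in for the two wpdb methods used below, so this file runs
 * without WordPress. In a real plugin use the global $wpdb instead.
 * prepare() approximates wpdb::prepare(): %d becomes an integer, %s becomes a
 * quoted, backslash-escaped string (WordPress itself uses the driver escape).
 */
final class DemoDb {
    public string $prefix = 'wp_';
    public array $executed = [];

    public function prepare(string $query, ...$args): string {
        $i = 0;
        return preg_replace_callback('/%[ds]/', function ($m) use ($args, &$i) {
            $arg = $args[$i++] ?? '';
            if ($m[0] === '%d') {
                return (string) (int) $arg;
            }
            return "'" . addslashes((string) $arg) . "'";
        }, $query);
    }

    public function get_results(string $sql): array {
        $this->executed[] = $sql;   // no real database: we only inspect the SQL
        return [];
    }
}

// VULNERABLE pattern: request values concatenated straight into the query.
// A quote in fieldfor closes the string literal; id is not even quoted.
function demo_lookup_fields_vulnerable(DemoDb $wpdb, array $request): string {
    $fieldfor      = $request['fieldfor'] ?? '';
    $visibleParent = $request['visibleParent'] ?? '';
    $id            = $request['id'] ?? '';
    $sql = "SELECT * FROM {$wpdb->prefix}demo_fields"
         . " WHERE fieldfor = '{$fieldfor}'"
         . " AND visibleparent = {$visibleParent}"
         . " AND id = {$id}";
    $wpdb->get_results($sql);
    return $sql;
}

// HARDENED form: authorise first, then bind every value through prepare().
// In WordPress the two booleans would come from current_user_can('manage_options')
// and check_ajax_referer('demo_fields', 'nonce', false).
function demo_lookup_fields_hardened(DemoDb $wpdb, array $request,
                                     bool $can_manage, bool $nonce_ok): ?string {
    if (!$can_manage || !$nonce_ok) {
        return null;                                    // request rejected
    }
    $fieldfor      = (string) ($request['fieldfor'] ?? '');
    $visibleParent = (int) ($request['visibleParent'] ?? 0);
    $id            = (int) ($request['id'] ?? 0);
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}demo_fields"
        . " WHERE fieldfor = %s AND visibleparent = %d AND id = %d",
        $fieldfor, $visibleParent, $id
    );
    $wpdb->get_results($sql);
    return $sql;
}

// Constructed request, not a working exploit for the plugin: it only shows
// how unescaped values change the query's structure.
function demo_run(): array {
    $db = new DemoDb();
    $request = [
        'fieldfor'      => "x' OR 'a'='a",
        'visibleParent' => '1',
        'id'            => '1 OR 1=1',
    ];
    return [
        'vulnerable' => demo_lookup_fields_vulnerable($db, $request),
        'hardened'   => demo_lookup_fields_hardened($db, $request, true, true),
        'denied'     => demo_lookup_fields_hardened($db, $request, false, true),
    ];
}

if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    foreach (demo_run() as $label => $sql) {
        printf("%-11s %s\n", $label . ':', $sql ?? '(request rejected)');
    }
}
```

Running the file shows the vulnerable query ending in `... AND id = 1 OR 1=1` with the fieldfor literal broken open, while the hardened query keeps `id = 1` and a single escaped string for fieldfor, and the unauthorised call returns nothing. The Administrator precondition is what keeps this advisory at CVSS 4.9 (PR:H), but it does not change the fix: every value that reaches SQL goes through a placeholder, and the handler checks capability and nonce before touching the database.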

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-11710

Affected Products: Wp Job Portal