[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frxq_ty5MpHdx0YymFEBZCf-wvLTKOPeeIh1ujRq9JdE":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":28,"research_verified":29,"research_rounds_completed":30,"research_plan":31,"research_summary":32,"research_vulnerable_code":33,"research_fix_diff":34,"research_exploit_outline":35,"research_model_used":36,"research_started_at":37,"research_completed_at":38,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":29,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":29,"source_links":39},"CVE-2026-42684","wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-unauthenticated-sql-injection","WP Job Portal – AI-Powered Recruitment System for Company or Job Board website \u003C= 2.5.1 - Unauthenticated SQL Injection","The WP Job Portal – AI-Powered Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","wp-job-portal",null,"\u003C=2.5.1","2.5.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-05-23 00:00:00","2026-05-26 19:30:04",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa1d07e86-e870-4978-a240-4c3e8050c5d6?source=api-prod",4,[22,23,24,25,26,27],"includes\u002Factivation.php","modules\u002Fjob\u002Fmodel.php","modules\u002Fjobapply\u002Fmodel.php","modules\u002Fresume\u002Fmodel.php","readme.txt","wp-job-portal.php","researched",false,3,"# WP Job Portal \u003C= 2.5.1 - Unauthenticated SQL Injection (CVE-2026-42684)\n\n## Vulnerability Summary\nThe **WP Job Portal** plugin for WordPress is vulnerable to an unauthenticated SQL injection. The vulnerability exists because several model functions (e.g., in `modules\u002Fjob\u002Fmodel.php` or `modules\u002Fjobapply\u002Fmodel.php`) construct SQL queries by concatenating user-supplied parameters (like `jobid`, `catid`, or `typeid`) using `esc_sql()` but **without surrounding the values in single quotes**. Since `esc_sql()` only escapes characters like quotes and backslashes, it provides no protection for numeric SQL contexts. An attacker can inject arbitrary SQL commands by breaking the query logic.\n\n## Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Action:** `wpjobportal_job_list` (inferred) or any AJAX action that handles job filtering\u002Fdisplay.\n*   **Vulnerable Parameter:** `catid`, `typeid`, or `jobid` (parameters used in `WHERE` clauses without quotes).\n*   **Authentication:** Unauthenticated.\n*   **Preconditions:** None.\n\n## Code Flow\n1.  A request is made to `admin-ajax.php` with an action registered via `wp_ajax_nopriv_`.\n2.  The handler (likely in `wp-job-portal.php` or a module's controller) calls","The WP Job Portal plugin for WordPress is vulnerable to unauthenticated SQL injection because it concatenates user-supplied numeric parameters into SQL queries using esc_sql() but without surrounding single quotes. This allows attackers to break the SQL context and execute arbitrary database commands to extract sensitive information.","\u002F\u002F File: modules\u002Fjobapply\u002Fmodel.php\n\u002F\u002F Lines 58-63 in version 2.5.1\nif ($wpjobportal_searchjobcategory && is_numeric($wpjobportal_searchjobcategory))\n    $wpjobportal_inquery .= \" AND job.jobcategory = \" . esc_sql($wpjobportal_searchjobcategory);\nif ($wpjobportal_searchjobtype && is_numeric($wpjobportal_searchjobtype))\n    $wpjobportal_inquery .= \" AND job.jobtype = \" . esc_sql($wpjobportal_searchjobtype);\nif ($wpjobportal_searchjobstatus && is_numeric($wpjobportal_searchjobstatus))\n    $wpjobportal_inquery .= \" AND job.jobstatus = \" . esc_sql($wpjobportal_searchjobstatus);\n\n---\n\n\u002F\u002F File: modules\u002Fjob\u002Fmodel.php\n\u002F\u002F Lines 63-73 in version 2.5.1\n    $query = \"SELECT DISTINCT job.id AS jobid,job.tags AS jobtags,job.title,job.created,job.city,\n        CONCAT(job.alias,'-',job.id) AS jobaliasid,job.noofjobs,job.isfeaturedjob,job.status,\n        cat.cat_title,company.id AS companyid,company.name AS companyname,company.logofilename, jobtype.title AS jobtypetitle,job.endfeatureddate,job.startpublishing,job.stoppublishing,\n        job.params,CONCAT(company.alias,'-',company.id) AS companyaliasid,LOWER(jobtype.title) AS jobtypetit,\n        job.salarymax,job.salarymin,job.salarytype,srtype.title AS srangetypetitle,jobtype.color AS jobtypecolor,job.currency\n        FROM `\" . wpjobportal::$_db->prefix . \"wj_portal_jobs` AS job\n        \".wpjobportal::$_company_job_table_join.\" JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_companies` AS company ON company.id = job.companyid\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_categories` AS cat ON cat.id = job.jobcategory\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_salaryrangetypes` AS srtype ON srtype.id = job.salaryduration\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_jobtypes` AS jobtype ON jobtype.id = job.jobtype\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_jobcities` AS jobcity ON jobcity.jobid = job.id\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_cities` AS city ON city.id = jobcity.cityid\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_states` AS state ON state.countryid = city.countryid\n        LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_countries` AS country ON country.id = city.countryid\n        WHERE job.id =\". esc_sql($wpjobportal_jobid);\n\n---\n\n\u002F\u002F File: modules\u002Fjob\u002Fmodel.php\n\u002F\u002F Lines 25-27 in version 2.5.1\n                FROM `\" . wpjobportal::$_db->prefix . \"wj_portal_jobs` AS job\n                LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_categories` AS cat ON job.jobcategory = cat.id\n                LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_jobtypes` AS jobtype ON job.jobtype = jobtype.id\n                LEFT JOIN `\" . wpjobportal::$_db->prefix . \"wj_portal_companies` AS company ON job.companyid = company.id\n                WHERE job.status = 1 AND DATE(job.startpublishing) \u003C= CURDATE() AND DATE(job.stoppublishing) >= CURDATE()\n                ORDER BY created DESC LIMIT \" . esc_sql($wpjobportal_noofjobs);","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwp-job-portal\u002F2.5.1\u002Fmodules\u002Fjob\u002Fmodel.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwp-job-portal\u002F2.5.2\u002Fmodules\u002Fjob\u002Fmodel.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwp-job-portal\u002F2.5.1\u002Fmodules\u002Fjob\u002Fmodel.php\t2026-04-21 04:30:56.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwp-job-portal\u002F2.5.2\u002Fmodules\u002Fjob\u002Fmodel.php\t2026-04-27 04:23:12.000000000 +0000\n@@ -2740,6 +2740,16 @@\n                     $wpjobportal_valarray[$uf->field] = isset($wpjobportal_searchajax[$uf->field]) ? $wpjobportal_searchajax[$uf->field] : '';\n                 }\n                 if (isset($wpjobportal_valarray[$uf->field]) && $wpjobportal_valarray[$uf->field] != null) {\n+\n+                    \u002F\u002F ==========================================\n+                    \u002F\u002F SECURITY FIX: ESCAPE VALUES AT THE TOP\n+                    \u002F\u002F ==========================================\n+                    \u002F\u002F esc_sql() natively handles both strings and arrays.\n+                    \u002F\u002F If it receives an array (like in checkbox\u002Fmultiple cases),\n+                    \u002F\u002F it safely loops through and escapes all nested values automatically.\n+                    $wpjobportal_valarray[$uf->field] = esc_sql($wpjobportal_valarray[$uf->field]);\n+                    \u002F\u002F ==========================================\n+\n                     switch ($uf->userfieldtype) {\n                         case 'text':\n                         case 'email':","An unauthenticated attacker can exploit this vulnerability by sending a crafted request to endpoints that trigger job search or filtering logic, typically via AJAX actions like 'wpjobportal_job_list'. By providing a malicious payload in parameters such as 'catid', 'typeid', or 'jobid' (e.g., '1 OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)'), the attacker can execute time-based or boolean-based SQL injection. Since these parameters are not wrapped in quotes in the SQL statement, esc_sql() fails to sanitize characters that alter the SQL logic (like whitespace, OR, AND, etc.), allowing the attacker to exfiltrate database contents without authentication.","gemini-3-flash-preview","2026-06-04 21:37:49","2026-06-04 21:38:57",{"type":40,"vulnerable_version":41,"fixed_version":11,"vulnerable_browse":42,"vulnerable_zip":43,"fixed_browse":44,"fixed_zip":45,"all_tags":46},"plugin","2.5.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags\u002F2.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-job-portal.2.5.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags\u002F2.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-job-portal.2.5.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-job-portal\u002Ftags"]