Cyber Resilience

CVE-2023-4490

Critical · Public PoC

Published: 25 September 2023
Modified: 23 April 2025
KEV Added: not listed
Patch: fixed in 2.0.6
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5197 (98.0th percentile)
Risk Priority: 51 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4490 is a critical-severity SQL injection vulnerability in the WP Job Portal WordPress plugin by wpjobportal, affecting versions before 2.0.6. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 2.0% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

The WP Job Portal WordPress plugin before version 2.0.6 contains a SQL injection vulnerability because it fails to sanitize and escape a request parameter before incorporating it into a SQL statement. The affected component is the plugin itself, running on any WordPress site that has it installed. The issue carries a CVSS 3.1 score of 9.8, reflecting a flaw reachable over the network with no privileges and no user interaction required.

Unauthenticated attackers can supply a crafted value for the parameter so that its contents are parsed as SQL syntax rather than as data. Because the CVSS vector rates confidentiality, integrity and availability impact all as High, successful exploitation can expose, modify or delete database contents, including tables the plugin shares with WordPress core, enabling data theft, tampering with job portal records, or further compromise of the installation. The exact reach in a given deployment depends on the injection context (which statement is affected and whether the database driver permits stacked queries) and on the privileges of the database account WordPress connects with.

The referenced WPScan advisory at https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d identifies the flaw and points to the 2.0.6 release as the corrective version; operators should confirm that the installed plugin version is 2.0.6 or later. The associated EPSS score has remained steady at 0.5197 with no material increase after disclosure.

Vulnerability details

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

CWE(s)
None listed (the description corresponds to CWE-89, Improper Neutralization of Special Elements used in an SQL Command)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: wpjobportal
Product: WP Job Portal (WordPress plugin)
Versions: before 2.0.6 (fixed in 2.0.6)

Mitigating Controls

No mitigating controls mapped yet; the per-CVE control annotator has not reached this CVE. The corrective action identified by the WPScan advisory is to update WP Job Portal to 2.0.6 or later.

References

WPScan advisory: https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d