CVE-2023-4490
Published: 25 September 2023
Summary
CVE-2023-4490 is a critical-severity vulnerability in Wpjobportal Wp Job Portal; the record does not specify a weakness (CWE) type. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The WP Job Portal WordPress plugin before version 2.0.6 contains a SQL injection vulnerability: it fails to sanitize and escape a request parameter before incorporating it into a SQL statement. The affected component is this plugin running on WordPress sites, and the issue carries a CVSS 3.1 score of 9.8, reflecting a network-reachable flaw that requires neither authentication nor user interaction.
Unauthenticated attackers can supply a crafted parameter to execute arbitrary SQL commands against the database. Successful exploitation grants read, write, and delete access to database contents, enabling data theft, modification of job portal records, or further compromise of the WordPress installation.
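The advisory does not name the affected parameter or show the plugin's code, so the following is an added, illustrative example (not WP Job Portal's code) of the pattern it describes: a request value concatenated into SQL, beside the hardened form that binds input through the WordPress `$wpdb->prepare()` API. The function names, the `job_id` and `q` parameters, and the `jobs` table are hypothetical.

```php
<?php
// Added example, not the plugin's code. Names below (lookup_job_*, job_id,
// q, {prefix}jobs) are hypothetical; $wpdb, prepare(), get_results(),
// esc_like(), absint(), sanitize_text_field() and wp_unslash() are real
// WordPress APIs.

// VULNERABLE pattern (the class of defect described for CVE-2023-4490):
// the raw request value becomes part of the SQL text, so anything the
// client places in job_id is parsed as SQL syntax, not as a value.
function lookup_job_vulnerable( $wpdb, $request ) {
    $job_id = isset( $request['job_id'] ) ? $request['job_id'] : '';
    $sql    = "SELECT * FROM {$wpdb->prefix}jobs WHERE id = " . $job_id;
    return $wpdb->get_results( $sql );
}

// HARDENED form: coerce to the expected type, reject the empty case, and
// bind through prepare(), which quotes/escapes the placeholder for you.
function lookup_job_hardened( $wpdb, $request ) {
    $job_id = isset( $request['job_id'] ) ? absint( wp_unslash( $request['job_id'] ) ) : 0;
    if ( 0 === $job_id ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}jobs WHERE id = %d",
        $job_id
    );
    return $wpdb->get_results( $sql );
}

// Free-text parameters use the %s placeholder; LIKE wildcards in the
// user's term are neutralised with esc_like() before binding so a term
// cannot widen the match or break out of the literal.
function search_jobs_hardened( $wpdb, $request ) {
    $term = isset( $request['q'] ) ? sanitize_text_field( wp_unslash( $request['q'] ) ) : '';
    if ( '' === $term ) {
        return array();
    }
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}jobs WHERE title LIKE %s LIMIT %d",
        $like,
        50
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this defect class, grep for `$wpdb->query`, `$wpdb->get_results`, `$wpdb->get_var` and `$wpdb->get_row` calls whose SQL string is built with `.` concatenation or interpolation of `$_GET`, `$_POST` or `$_REQUEST` values outside a `prepare()` call; for this CVE the remediation is simply confirming the installed plugin version is 2.0.6 or later.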
The referenced WPScan advisory at https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d identifies the flaw and points to the 2.0.6 release as the corrective version. The associated EPSS score has remained steady at 0.5197 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54345
Vulnerability details
The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.