CVE-2023-4490 Scanner

CVE-2023-4490 Scanner - SQL Injection vulnerability in WordPress Job Portal

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 12 days
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

WordPress Job Portal is a widely used WordPress plugin for job listing websites. Enterprises, small to medium-sized businesses, and recruitment agencies typically use it to post job listings and let job seekers search and apply for jobs online. It offers features such as job management, application tracking, and customized job searches to streamline hiring, and it integrates with WordPress so administrators can manage jobs directly from the WordPress dashboard. Many organizations adopt it to improve user experience and simplify job applications on their sites, and its wide range of customization options makes it a popular choice among WordPress users.

An SQL Injection vulnerability in this plugin exists because it does not properly sanitize and escape user-supplied inputs to the 'city' parameter before using it in SQL statements. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data exposure or database manipulation. Such vulnerabilities are dangerous because they can provide attackers direct access to the database, which may contain critical data. Attackers exploiting this vulnerability do not require authentication, posing a threat to any site using a vulnerable version of the plugin. The SQL injection allows malicious users to potentially extract sensitive information or alter the database’s content, compromising the integrity and confidentiality of the data. Mitigating this vulnerability is crucial to prevent unauthorized access to data and potential damage to the WordPress site's overall security.

The vulnerability lies in the 'city' parameter used in SQL statements within the plugin. Because the input is not sanitized, attackers can execute arbitrary SQL commands by sending a specially crafted request containing malicious SQL statements, inducing SQL operations that could lead to information disclosure or unauthorized data manipulation. The injection is carried out through HTTP POST requests to the "/wp-job-portal-jobseeker-controlpanel/jobs" endpoint, where the 'city' parameter can be manipulated. The lack of input validation and escaping in older versions of the plugin is what makes this possible. The vulnerability can be exploited with time-based blind SQL injection techniques: a successful injection produces a measurable delay in the response, and that delay reveals information about the database structure.
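A defender-side check for the pattern described above, as an added example that is not part of the scanner or the plugin: it scans proxy logs for POSTs to the endpoint whose 'city' value falls outside an allowlist or whose response is slow. The JSON log format, the allowlist pattern, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import parse_qs

ENDPOINT = "/wp-job-portal-jobseeker-controlpanel/jobs"  # path named on this page
# Assumption: legitimate 'city' values are names or ids, nothing else.
CITY_OK = re.compile(r"[\w ,.\-]{0,64}")
SLOW_SECONDS = 3.0  # assumed latency threshold; tune to the site's baseline
SLOW_REPEATS = 3    # slow hits from one client before escalating

# Constructed sample lines in an assumed JSON proxy-log format.
BAD = "city=12%27+%28constructed+non-allowlisted+value%29"
SAMPLE_LOG = [
    json.dumps({"ip": ip, "method": m, "path": ENDPOINT, "body": b, "request_time": t})
    for ip, m, b, t in [
        ("198.51.100.7", "POST", "city=Berlin&title=dev", 0.21),
        ("203.0.113.9", "POST", BAD, 0.30),
        ("203.0.113.9", "POST", BAD, 5.1),
        ("203.0.113.9", "POST", BAD, 5.0),
        ("203.0.113.9", "POST", BAD, 5.2),
        ("192.0.2.44", "POST", "city=Paris", 4.0),
        ("198.51.100.7", "GET", "", 6.0),
    ]
] + ["not json at all"]

def scan(lines):
    """Return (findings, escalated_ips); repeated slow hits from one client escalate."""
    findings, slow_hits = [], defaultdict(int)
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        path = rec.get("path", "").split("?")[0].rstrip("/")
        if rec.get("method") != "POST" or path != ENDPOINT:
            continue
        ip = rec.get("ip", "unknown")
        cities = parse_qs(rec.get("body", ""), keep_blank_values=True).get("city", [])
        bad = any(not CITY_OK.fullmatch(c) for c in cities)
        slow = float(rec.get("request_time", 0)) >= SLOW_SECONDS
        slow_hits[ip] += slow
        reasons = [name for name, hit in (("city-not-allowlisted", bad), ("slow-response", slow)) if hit]
        if reasons:
            findings.append((ip, reasons))
    return findings, sorted(ip for ip, n in slow_hits.items() if n >= SLOW_REPEATS)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A single slow response is weak evidence on its own; the escalation list only includes clients with repeated slow responses on this endpoint.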

If exploited, this vulnerability could allow attackers to gain unauthorized access to sensitive and confidential data stored within the WordPress database. They might extract information like user credentials, email addresses, and other personally identifiable information. Data manipulation could also occur, enabling attackers to alter job postings, create or delete jobs, or even modify application submissions. Additionally, attackers could potentially inject administrative-level permissions for themselves, gaining full access to manage the WordPress site and its contents. The compromise does not require authentication, thus broadening the scope of potential attack vectors. This could severely impact the credibility and security of the affected site, leading to loss of trust, financial damage, and legal implications if user data is breached.
