CVE-2023-4490 Scanner
CVE-2023-4490 Scanner - SQL Injection (SQLi) vulnerability in WordPress Job Portal
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
WordPress Job Portal is a plugin used in WordPress websites to manage job listings and applications. It allows site administrators to post jobs, receive applications, and manage job seeker accounts. The plugin is frequently used by small to medium-sized companies or freelance platforms aiming to build a job board with minimal development effort. It is integrated into WordPress and thus inherits its popularity and broad usage base. Due to the nature of job boards requiring user interaction, plugins like these are exposed to numerous inputs from external users. The plugin is widely available and often deployed without significant customization, making vulnerabilities impactful across many instances.
This scanner detects an SQL Injection vulnerability in WordPress Job Portal versions before 2.0.6. The vulnerability allows unauthenticated users to inject arbitrary SQL commands through the `city` parameter in job search forms. It arises because the plugin fails to properly sanitize and escape input before incorporating it into SQL queries. This flaw can be used to extract sensitive information such as user credentials or site configuration. Attackers may also attempt to manipulate or delete records in the database. The vulnerability has been rated high severity due to its wide accessibility and potential data exposure.
Technically, the vulnerability exists in the `/wp-job-portal-jobseeker-controlpanel/jobs` endpoint, which handles job search submissions. The `city` parameter is directly passed into an SQL statement without validation. Attackers can use time-based blind SQL injection techniques, such as inserting `sleep(7)` inside a subquery, to detect the flaw based on delayed server responses. The scanner confirms the issue by sending a POST request and analyzing the response delay and returned content. A match is confirmed when the response contains plugin-specific markers and takes longer than the specified threshold.
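As an added illustration (this is not the WordPress Job Portal plugin's own code, which the page does not show), the following hypothetical job-search handler places the unsafe pattern described above, where the `city` value is concatenated straight into the SQL statement, next to a hardened version that binds the value through `$wpdb->prepare()`. The function names, the table name `jobportal_jobs` and the `admin_post_nopriv_jobportal_search` hook are assumptions made for the example.

```php
<?php
// Added example: a hypothetical job-search handler, NOT the plugin's real code.
// Table name, function names and the hook name below are assumptions.

/**
 * Vulnerable pattern: the request value is interpolated into the query text.
 * Anything the user puts in `city` becomes part of the SQL the database runs,
 * which is exactly the condition a time-based blind check detects.
 */
function jobs_by_city_unsafe( $city ) {
    global $wpdb;
    $table = $wpdb->prefix . 'jobportal_jobs'; // assumed table name
    $sql   = "SELECT id, title, city FROM {$table} WHERE city = '" . $city . "'";
    return $wpdb->get_results( $sql );
}

/**
 * Hardened pattern: the value is passed to $wpdb->prepare() as a %s argument,
 * so it is quoted and escaped by WordPress and can never alter the statement's
 * structure. The input is also unslashed, sanitized and length-limited first,
 * and the result set is capped so a search cannot dump the whole table.
 */
function jobs_by_city_safe( $city ) {
    global $wpdb;
    $city = sanitize_text_field( wp_unslash( $city ) );
    if ( '' === $city || strlen( $city ) > 100 ) {
        return array();
    }
    $table = $wpdb->prefix . 'jobportal_jobs'; // assumed table name
    $sql   = $wpdb->prepare(
        "SELECT id, title, city FROM {$table} WHERE city = %s LIMIT %d",
        $city,
        50
    );
    return $wpdb->get_results( $sql );
}

// Wiring for an unauthenticated POST endpoint (hook name is an assumption).
add_action( 'admin_post_nopriv_jobportal_search', function () {
    $city = isset( $_POST['city'] ) ? $_POST['city'] : '';
    wp_send_json( jobs_by_city_safe( $city ) );
} );
```

The important difference is not the sanitization call but the placeholder: `sanitize_text_field()` strips tags and control characters, yet it does not make a value safe inside SQL, whereas `$wpdb->prepare()` with `%s` does. If the search were a partial match (`LIKE`), the value would additionally need `$wpdb->esc_like()` before the wildcards are appended, since `%` and `_` are otherwise interpreted by the database.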
If exploited, the vulnerability may result in data breaches where attackers gain access to job seeker information, company details, and administrator credentials. It may also lead to manipulation or destruction of site data. Exploitation could enable privilege escalation or lateral movement into other parts of the hosting environment. Unauthenticated access increases the risk significantly, allowing even casual attackers to probe and exploit vulnerable systems. Websites running outdated versions of the plugin are exposed to a high risk of compromise.