CVE-2024-11713
📋 TL;DR
This SQL injection vulnerability in the WP Job Portal WordPress plugin allows authenticated attackers with Administrator-level access to execute arbitrary SQL queries via the 'page_id' parameter. Attackers can extract sensitive information from the database, including user credentials and other confidential data. Only WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WP Job Portal - A Complete Recruitment System for Company or Job Board
📦 What is this software?
Wp Job Portal by Wpjobportal
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data exfiltration, privilege escalation, or site takeover via credential theft.
Likely Case
Extraction of sensitive user data, plugin configuration details, or WordPress user information from the database.
If Mitigated
Limited impact due to proper access controls and monitoring detecting unusual database queries.
🎯 Exploit Status
Exploit requires authenticated administrator access. SQL injection is well-understood and weaponization is likely given the public PoC.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.3
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3202327/wp-job-portal/tags/2.2.3/includes/deactivation.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'WP Job Portal' and click 'Update Now'.
4. Verify the version shows 2.2.3 or higher.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patching is possible:
wp plugin deactivate wp-job-portal
🧯 If You Can't Patch
- Implement strict access controls to limit administrator accounts and monitor administrator activity
- Deploy web application firewall (WAF) rules to block SQL injection patterns targeting the 'page_id' parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → WP Job Portal → Version. If the version is 2.2.2 or lower, the site is vulnerable.
Check Version:
wp plugin get wp-job-portal --field=version
Verify Fix Applied:
After updating, confirm plugin version shows 2.2.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress or database logs containing 'wpjobportal_deactivate' function calls with suspicious 'page_id' values
- Multiple failed login attempts followed by administrator account access
Network Indicators:
- HTTP POST requests to wp-admin/admin-ajax.php with 'action=wpjobportal_deactivate' containing SQL injection patterns in parameters
SIEM Query:
source="wordpress.log" AND "wpjobportal_deactivate" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "UPDATE" OR "--" OR "' OR '")
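As an added example (not part of this advisory), the following Python script covers two sections above: the version check under "How to Verify" (installed version below 2.2.3 is vulnerable) and the network indicator under "Detection & Monitoring" (POST to wp-admin/admin-ajax.php with action=wpjobportal_deactivate and SQL injection patterns in page_id). The keyword list mirrors the SIEM query, and because page_id is expected to be a plain integer, any non-numeric value is reported even when no keyword matches. The log format, the sample lines and the assumption that a request-body logging module records POST parameters are all constructed for this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines (not real traffic). Assumed simplified format:
#   client method path status post_body
# where post_body is captured by a hypothetical request-logging module.
SAMPLE_LOG = """\
203.0.113.10 POST /wp-admin/admin-ajax.php 200 action=heartbeat&_nonce=abc123
203.0.113.11 POST /wp-admin/admin-ajax.php 200 action=wpjobportal_deactivate&page_id=42
203.0.113.12 POST /wp-admin/admin-ajax.php 500 action=wpjobportal_deactivate&page_id=42%27+OR+%271%27%3D%271
203.0.113.13 GET /wp-content/plugins/wp-job-portal/readme.txt 200 -
203.0.113.14 POST /wp-admin/admin-ajax.php 200 action=wpjobportal_deactivate&page_id=42+xyz
"""

# Keyword patterns taken from the SIEM query in the advisory.
SQLI_PATTERNS = {
    "UNION": re.compile(r"\bUNION\b", re.IGNORECASE),
    "SELECT": re.compile(r"\bSELECT\b", re.IGNORECASE),
    "INSERT": re.compile(r"\bINSERT\b", re.IGNORECASE),
    "DELETE": re.compile(r"\bDELETE\b", re.IGNORECASE),
    "UPDATE": re.compile(r"\bUPDATE\b", re.IGNORECASE),
    "--": re.compile(r"--"),
    "' OR '": re.compile(r"'\s*OR\s*'", re.IGNORECASE),
}

PATCHED_VERSION = (2, 2, 3)  # first fixed release per the advisory


def is_vulnerable_version(version: str) -> bool:
    """True if the installed WP Job Portal version is below 2.2.3."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (3 - len(parts))  # pad e.g. "2.2" to (2, 2, 0)
    return tuple(parts[:3]) < PATCHED_VERSION


def analyze_line(line: str):
    """Return a finding dict for a suspicious wpjobportal_deactivate request, else None."""
    fields = line.rstrip("\n").split(" ", 4)
    if len(fields) < 5:
        return None
    client, method, path, status, body = fields
    if method != "POST" or not path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    if params.get("action", [""])[0] != "wpjobportal_deactivate":
        return None
    page_id = params.get("page_id", [""])[0]
    matched = [name for name, rx in SQLI_PATTERNS.items() if rx.search(page_id)]
    # page_id should be a plain integer; anything else deserves a look even
    # when none of the keyword patterns fired.
    if page_id.isdigit() and not matched:
        return None
    return {
        "client": client,
        "status": status,
        "page_id": page_id,
        "patterns": matched,
        "severity": "high" if matched else "medium",
    }


def scan_log(text: str):
    """Run analyze_line over every line and collect the findings."""
    return [f for f in (analyze_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    print("2.2.2 vulnerable:", is_vulnerable_version("2.2.2"))
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Feed the output of `wp plugin get wp-job-portal --field=version` into is_vulnerable_version, and point scan_log at whatever log your web server or WAF writes; the field order in analyze_line is the only piece tied to the constructed format.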
🔗 References
- https://gist.github.com/g1-nhantv/08ea67adc67d1ba98bf56c4fae5aec0f#file-deactivation-php-L11
- https://plugins.trac.wordpress.org/changeset/3202327/wp-job-portal/tags/2.2.3/includes/deactivation.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fincludes%2Fdeactivation.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d67675a-b77b-41c6-a94f-d9385e609b37?source=cve