CVE-2024-11711: 
WordPress vulnerability analysis and mitigation

The WP Job Portal WordPress plugin (versions up to 2.2.1) contains an SQL Injection vulnerability (CVE-2024-11711) discovered in December 2024. The vulnerability exists in the 'resumeid' parameter due to insufficient escaping of user-supplied input and inadequate SQL query preparation. This security flaw allows unauthenticated attackers to inject additional SQL queries into existing ones, potentially exposing sensitive database information (NVD).

The vulnerability is classified as SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 7.5 (HIGH), and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue stems from improper handling of the 'resumeid' parameter in the plugin's functionality, where user input is not properly sanitized before being used in SQL queries (NVD).

The vulnerability allows unauthenticated attackers to extract sensitive information from the database through SQL injection techniques. The high CVSS score reflects the potential for significant data exposure, though the impact appears limited to confidentiality with no direct effect on integrity or availability (NVD).

Users should upgrade to WP Job Portal version 2.2.3 or later, which contains the fix for this vulnerability. The patch can be found in the WordPress plugin repository (WordPress Plugin).