CVE-2024-11714: 
WordPress vulnerability analysis and mitigation

The WP Job Portal WordPress plugin (versions up to 2.2.2) contains a SQL Injection vulnerability (CVE-2024-11714) discovered in December 2024. The vulnerability exists in the 'ff' parameter of the getFieldsForVisibleCombobox() function due to insufficient parameter escaping and SQL query preparation. This security issue affects the Complete Recruitment System for Company or Job Board website plugin (NVD, Wordfence).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 4.9 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) and no user interaction (UI:N). The scope is unchanged (S:U) with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows authenticated attackers with Administrator-level access or higher to append additional SQL queries to existing queries, potentially leading to the extraction of sensitive information from the database (NVD).

Users should upgrade to version 2.2.3 or later of the WP Job Portal plugin, which contains the fix for this vulnerability (WordPress Plugin).