CVE-2026-57653

WP Job Portal · WP Job Portal

An SQL injection vulnerability in the WP Job Portal plugin allows authenticated contributors to execute arbitrary database queries.

Executive summary

The WP Job Portal plugin contains an authenticated SQL injection vulnerability that could allow attackers with contributor access to compromise the integrity and confidentiality of the application database.

Vulnerability

The plugin builds a database query from user-supplied input without adequate escaping or parameterisation. A user holding the Contributor role, which is meant only to draft and submit posts for review, can therefore supply input that changes the structure of the query, and the injected SQL runs with the full privileges of the plugin's database connection.

Business impact

The ability to run unauthorized database operations is a severe threat to data privacy and business continuity. With a CVSS score of 8.5, this vulnerability could be used to read sensitive data such as user records, or to alter records in a way that escalates privileges within the WordPress installation.

Remediation

Immediate Action: Apply the vendor's security update, which patches the affected code paths, as soon as it is available for the installed version.

Proactive Monitoring: Review web server access logs for SQL keywords and metacharacters in parameters sent to the plugin's endpoints, and database logs for unusual queries, and correlate any hits with Contributor-level accounts; an access log alone does not record the WordPress role of the requester.

Compensating Controls: Until the update is applied, add WAF rules that block requests carrying SQL injection patterns directed at the plugin's endpoints. A WAF cannot reliably sanitise such input and pattern-based rules need tuning for false positives, so treat this as a stopgap rather than a fix.
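A log check of the kind the monitoring item describes, added here as an example and not taken from the advisory or the plugin: it parses combined-format access log lines, URL-decodes each query parameter repeatedly so double-encoded payloads are caught, and reports which injection signatures matched. The log lines, IP addresses and the example_job_search action name are constructed for the example; the real plugin endpoints and the injectable parameter are not named on this page.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed combined-format access log lines (IPs from documentation ranges).
# The paths and the example_job_search action are assumptions: the advisory
# does not name the plugin's endpoints or the injectable parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_job_search&keyword=engineer HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2026:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=example_job_search&keyword=x%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users--%20- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2026:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=example_job_search&keyword=%2527%2520OR%2520SLEEP(5)--%2520 HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.9 - - [10/Jan/2026:10:02:00 +0000] "GET /jobs/?keyword=union%20station HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: client, ident, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Signatures are matched against the normalised (fully decoded, lower-cased) value,
# so encoding and case games do not hide them and "union station" does not trip them.
SQLI_SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b"),
    "tautology": re.compile(r"'\s*(or|and)\b"),
    "comment_terminator": re.compile(r"(--\s|--$|/\*)"),
    "time_based": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\("),
    "schema_probe": re.compile(r"(\binformation_schema\b|\bwp_users\b|@@version)"),
}


def deep_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded payloads (%2527) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text, min_signatures=1):
    """Return one finding per query parameter that matches at least
    min_signatures injection signatures, in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or "?" not in m.group("target"):
            continue
        path, query = m.group("target").split("?", 1)
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = deep_decode(value).lower()
            hits = [sig for sig, rx in SQLI_SIGNATURES.items() if rx.search(decoded)]
            if len(hits) >= min_signatures:
                findings.append({
                    "ip": m.group("ip"), "time": m.group("ts"), "path": path,
                    "param": name, "signatures": hits, "decoded": decoded,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['path']} "
              f"{f['param']}={f['decoded']!r} -> {f['signatures']}")
```

Run against the sample, the two injection attempts are reported with their matching signatures and the benign "union station" search is not. Raising min_signatures trades recall for fewer false positives, which is the same tuning decision a WAF rule needs. Because an access log does not carry the WordPress role, the flagged IP and timestamp still have to be matched against the site's login or audit records to confirm that a Contributor account sent the request; POST bodies are likewise absent from access logs and need request-body logging at the WAF or application layer.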

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity of this vulnerability, remediate immediately to prevent data compromise. Administrators should verify which version is installed, apply the fixed version as soon as the vendor publishes it, and rely on the monitoring and WAF controls above in the meantime.