{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25377", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:01.429Z", "datePublished": "2026-03-25T16:14:46.544Z", "dateUpdated": "2026-04-28T16:14:57.263Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "addon-jobsearch-chat", "product": "Addon Jobsearch Chat", "vendor": "eyecix", "versions": [{"changes": [{"at": "3.1", "status": "unaffected"}], "lessThanOrEqual": "3.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:18:33.364Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.<p>This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:57.263Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:41:41.646446Z", "id": "CVE-2026-25377", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T01:37:22.927Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:41:41.646446Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:41:33.420Z"}}], "cna": {"title": "WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "eyecix", "product": "Addon Jobsearch Chat", "versions": [{"status": "affected", "changes": [{"at": "3.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0"}], "packageName": "addon-jobsearch-chat", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:18:33.364Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.<p>This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:57.263Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25377", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:14:57.263Z", "dateReserved": "2026-02-02T12:53:01.429Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:46.544Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyecci\u00f3n SQL') vulnerabilidad en eyecix Addon Jobsearch Chat addon-jobsearch-chat permite la inyecci\u00f3n SQL. Este problema afecta a Addon Jobsearch Chat: desde n/a hasta &lt;= 3.0."}], "id": "CVE-2026-25377", "lastModified": "2026-04-24T16:35:20.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:48.117", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[3.1,3.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Addon Jobsearch Chat", "source": "cna", "vendor": "eyecix"}, "product": "addon_jobsearch_chat", "vendor": "eyecix"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-26T21:44:07.989865+00:00", "value": {"mitigation_remediation": ["Upgrade the eyecix Addon Jobsearch Chat plugin to a version newer than 3.0 or apply any known vendor patch.", "If upgrading is not possible, disable or remove the plugin from the WordPress installation to eliminate the risk.", "Keep the WordPress core and other plugins updated to reduce overall attack surface."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "Any WordPress installation running the eyecix Addon Jobsearch Chat plugin with a version from the first release up to and including 3.0 is vulnerable.", "description_and_impact": "An improper handling of user input in the eyecix Addon Jobsearch Chat plugin lets attackers inject arbitrary SQL into the WordPress database. The result is the potential loss of confidential data, unauthorized data alteration, or even disruption of the site, corresponding to a classic SQL injection flaw (CWE\u201189).", "risk_and_exploitability": "The vulnerability carries a critical CVSS score of 9.3, indicating severe impact. An advisory reports that exploitation is currently unlikely, suggesting a low probability of attack. The precise authentication requirement is not specified, but it appears an attacker would need to send crafted requests to the plugin\u2019s web interface; whether this requires an authenticated session or can be done unauthenticated is unknown."}}}}, "created": "2026-03-25T21:44:46.780274+00:00", "updated": "2026-03-27T09:45:53.723326+00:00", "vendors": ["eyecix", "eyecix$PRODUCT$addon_jobsearch_chat", "wordpress", "wordpress$PRODUCT$wordpress"]}