{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25377", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:01.429Z", "datePublished": "2026-03-25T16:14:46.544Z", "dateUpdated": "2026-03-25T16:14:46.544Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "addon-jobsearch-chat", "product": "Addon Jobsearch Chat", "vendor": "eyecix", "versions": [{"changes": [{"at": "3.1", "status": "unaffected"}], "lessThanOrEqual": "<= 3.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:26.731Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.<p>This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "SQL Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:46.544Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0."}], "id": "CVE-2026-25377", "lastModified": "2026-03-25T17:16:48.117", "metrics": {}, "published": "2026-03-25T17:16:48.117", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/addon-jobsearch-chat/vulnerability/wordpress-addon-jobsearch-chat-plugin-3-0-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T17:58:22.222682+00:00", "value": {"mitigation_remediation": ["Apply the latest update of the Addon Jobsearch Chat plugin (any release newer than 3.0).", "If an update is not immediately available, disable the plugin to prevent exploitation until a patched version is released."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection allowing unauthorized database access or modification"}, "threat_synthesis": {"affected_systems": "The plugin is distributed by eyecix and is compatible with versions from the initial release up to and including version 3.0. Any WordPress site running Addon Jobsearch Chat version 3.0 or earlier is potentially vulnerable. No additional vendor or product information is provided beyond the plugin name.", "description_and_impact": "An input sanitization flaw in the eyecix Addon Jobsearch Chat plugin allows an attacker to inject arbitrary SQL statements. This weakness can lead to data exposure, tampering, or deletion within the WordPress site's database. The vulnerability is tied to CWE-89, indicating that the input is not properly escaped before being included in SQL queries.", "risk_and_exploitability": "The lack of a CVSS score and unavailable EPSS data leaves the precise severity uncertain, but SQL injection is generally considered a high\u2011risk flaw due to its potential for full data compromise. Explanations in the advisory suggest the injection is likely possible through HTTP requests targeting the plugin\u2019s features. Since the issue is listed in public advisory sources and not flagged in the KEV catalog, it may not currently have a widespread, documented exploit but remains a critical security concern. Any attacker who can send crafted requests to the vulnerable plugin could obtain, alter, or delete sensitive data stored in the WordPress database."}}}}, "created": "2026-03-25T21:44:46.780274+00:00", "updated": "2026-03-25T21:44:46.780300+00:00", "vendors": []}