CVE-2025-49455

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through <= 25.07010000-WP6.8.1-JB5.11.5.
Configurations

No configuration.

History

23 Apr 2026, 15:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.3

01 Apr 2026, 17:25

Type Values Removed Values Added
Summary (en) Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0. (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through <= 25.07010000-WP6.8.1-JB5.11.5.
CWE CWE-502 CWE-89
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : unknown
References
  • {'url': 'https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/click-pledge-wpjobboard/vulnerability/wordpress-wordpress-wpjobboard-25-03000000-wp6-7-2-jb5-11-4-sql-injection-vulnerability?_s_id=cve -

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de deserialización de datos no confiables en LoftOcean TinySalt permite la inyección de objetos. Este problema afecta a TinySalt: desde n/d antes de 3.10.0.

10 Jun 2025, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-10 13:15

Updated : 2026-06-17 09:31


NVD link : CVE-2025-49455

Mitre link : CVE-2025-49455

CVE.ORG link : CVE-2025-49455


JSON object : View

Products Affected

No product.

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')