This vulnerability (CVE-2026-57653) is an SQL Injection issue classified under CWE-89 in the WP Job Portal product. It affects versions up to and including 2.5.2. The flaw arises from improper neutralization of special elements in SQL commands, specifically through contributor input. The CVSS 3.1 score is 8.5, indicating high severity, with an attack vector of network, low attack complexity, requiring low privileges, no user interaction, and a scope change. The impact is high confidentiality loss, no integrity loss, and low availability loss. No patch or official remediation level has been published yet, and no known exploits in the wild have been reported.

Successful exploitation could allow an attacker with low privileges to execute arbitrary SQL commands, leading to high confidentiality impact such as unauthorized data disclosure. Integrity is not impacted according to the CVSS vector, and availability impact is low. This could compromise sensitive data stored in the database used by WP Job Portal.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict contributor privileges and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable application to untrusted networks if possible.