Title: [Plugin: Job Manager] POSSIBLE SEVERE SECURITY ISSUE
Last modified: August 20, 2016

---

# [Plugin: Job Manager] POSSIBLE SEVERE SECURITY ISSUE

 *  [3ring](https://wordpress.org/support/users/3ring/)
 * (@3ring)
 * [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-job-manager-possible-severe-security-issue/)
 * About 2 weeks ago I installed Job Manager 0.7.18 with WP 3.2.1.
 * All of the functions of JM are working fine, but I am under some sort of attack,
   daily. The attacks are only one per day, at a random time, and last only for 
   a few minutes, but the attack(er) is able to fill out 100’s of job applications
   on each of the jobs I have posted. I’ve had over 3000 attack job apps posted 
   in the last week.
 * I have installed SI Captcha, with no effect.
 * The forms that I receive are somehow bypassing the standard validation because
   the email field is never filled a valid email, yet the forms still get sent to
   me.
 * You can see that some sort of attack is going on from the strings filling some
   of the fields, examples below:
 *     ```
       City: x'+wAiTfOr+dELay+'0:0:20'--
       Country: XxX1322084617360XxX
       Where did you complete your degree?: XxX1322084617360XxX
       ```
 * Most apps I receive have a simple 0 in each field, with only one random field
   having this weird code in it.
 * Example of full email I receive, below:
 *     ```
       Job: 154 - XHTML / CSS Production Specialist
       http://www.3ring.com/jobs/xhtml-css-production-specialist/
   
       Timestamp: 2011-11-23 23:31:32
   
       Name: 0
       Surname: 0
       Email Address: webappscanner@mcafeesecure.com
       Address: 0
       City: 0
       Post code: 0
       Country: 0
       Telephone: 0
       Cell phone: 1+DeClARe+@x+varchar(99)+set+@x=0x77616974666f722064656c61792027303a303a323027+exec(@x)--
       ```
   
 * Any suggestions?
 * [http://wordpress.org/extend/plugins/job-manager/](http://wordpress.org/extend/plugins/job-manager/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [3ring](https://wordpress.org/support/users/3ring/)
 * (@3ring)
 * [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-job-manager-possible-severe-security-issue/#post-2414745)
 * Here’s another example of an application that passed validation without an email:
 *     ```
       Job: 154 - XHTML / CSS Production Specialist
       http://www.3ring.com/jobs/xhtml-css-production-specialist/
   
       Timestamp: 2011-11-23 23:32:40
   
       Name: 0
       Surname: 0
       Email Address: /boot.ini%00
       Address: 0
       City: 0
       Post code: 0
       Country: 0
       Telephone: 0
       Cell phone: 0
       Do you have a degree?: Yes
       Where did you complete your degree?: 0
       Title of your degree: 0
       : I have read and understood the Privacy Policy and Terms of Use.
       ```
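
The two submissions above, checked the way the plugin would need to check them server-side, as an added example that is not part of the thread and not code from the Job Manager plugin. The Python below parses the plugin's notification e-mails into fields (field names are the ones quoted above; the third, genuine-looking application is constructed for contrast), validates the e-mail address with a strict pattern instead of trusting the browser, flags the classic scanner probes (time-based SQL injection via `waitfor delay`, a stacked `declare`/`exec`, a `--` comment tail, a `%00` null byte, `/boot.ini`-style file probes, and the `XxX<digits>XxX` marker), and decodes the `0x...` hex literal in the Cell phone field, which turns out to be the same `waitfor delay '0:0:20'` that the City field carries in the clear. The probe patterns, the e-mail check and the hex decoding are the editor's assumptions about what a scanner sends, not anything the plugin implements.

```python
import re
from urllib.parse import unquote_plus

# First two bodies are the notifications quoted in the thread (trimmed);
# the third is a constructed, genuine-looking application for contrast.
SCANNER_SQLI = """\
Job: 154 - XHTML / CSS Production Specialist
http://www.3ring.com/jobs/xhtml-css-production-specialist/
Timestamp: 2011-11-23 23:31:32
Name: 0
Surname: 0
Email Address: webappscanner@mcafeesecure.com
City: 0
Cell phone: 1+DeClARe+@x+varchar(99)+set+@x=0x77616974666f722064656c61792027303a303a323027+exec(@x)--
"""
SCANNER_NULLBYTE = """\
Job: 154 - XHTML / CSS Production Specialist
Timestamp: 2011-11-23 23:32:40
Name: 0
Surname: 0
Email Address: /boot.ini%00
Do you have a degree?: Yes
: I have read and understood the Privacy Policy and Terms of Use.
"""
GENUINE = """\
Job: 154 - XHTML / CSS Production Specialist
Timestamp: 2011-11-24 09:15:02
Name: Jane
Surname: Doe
Email Address: jane.doe@example.org
City: Leeds
Cell phone: +44 7700 900123
"""

# Signatures of the probes seen in the thread (editor's patterns). waitfor and
# declare @x are T-SQL; sleep()/benchmark() are what a MySQL-backed site sees.
PROBES = {
    "sql-time-delay": re.compile(r"wait\s*for\s+delay|\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I),
    "sql-stacked-exec": re.compile(r"\bdeclare\s+@\w+.*\bexec\s*\(", re.I | re.S),
    "sql-comment-tail": re.compile(r"['\d)]\s*(?:--|/\*)\s*$"),
    "null-byte": re.compile(r"%00|\x00"),
    "file-probe": re.compile(r"\.\./|/boot\.ini|/etc/passwd|win\.ini", re.I),
    "scanner-marker": re.compile(r"XxX\d{10,}XxX"),
}
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
# Deliberately strict: only local@domain.tld passes; anything else is rejected.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def decode_hex_literals(value):
    """ASCII text hidden in 0x... literals (T-SQL accepts a hex literal where a
    string is expected, which is how the Cell phone probe hides its keywords)."""
    decoded = []
    for m in HEX_LITERAL.finditer(value):
        raw = bytes.fromhex(m.group(1))
        if raw.isascii() and raw.decode("ascii").isprintable():
            decoded.append(raw.decode("ascii"))
    return decoded


def classify(value):
    """Sorted probe tags for one submitted field value, [] if it looks benign."""
    text = unquote_plus(value)  # undo form encoding for matching only
    pieces = [text] + decode_hex_literals(text)
    return sorted(tag for tag, rx in PROBES.items()
                  if any(rx.search(p) for p in pieces))


def valid_email(value):
    return EMAIL.fullmatch(value.strip()) is not None


def parse_notification(body):
    """'Field: value' lines of the plugin's plain-text e-mail -> dict."""
    fields = {}
    for line in body.splitlines():
        if not line.strip() or line.startswith("http"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip() or "(unnamed)"] = value.strip()
    return fields


def triage(body):
    """Would a proper server-side check have rejected this submission?"""
    fields = parse_notification(body)
    findings = {}
    for name, value in fields.items():
        if name in ("Job", "Timestamp"):  # added by the plugin, not the applicant
            continue
        tags = classify(value)
        if tags:
            findings[name] = tags
    email_ok = valid_email(fields.get("Email Address", ""))
    return {"email_ok": email_ok, "findings": findings,
            "reject": bool(findings) or not email_ok}


if __name__ == "__main__":
    for label, body in (("scanner/sqli", SCANNER_SQLI),
                        ("scanner/nullbyte", SCANNER_NULLBYTE),
                        ("genuine", GENUINE)):
        print(label, triage(body))
```

The strict e-mail check alone rejects the second submission, and rejecting on any probe tag keeps the first out of the inbox, while the constructed genuine application passes both. Two caveats: `waitfor delay` and `declare @x` are T-SQL, so on a MySQL-backed WordPress install that particular probe cannot delay the response even if the field is injectable, which is why the pattern list also covers `sleep()` and `benchmark()`; and whether any probe actually changed the response time is not something the e-mails show. Filtering the notification is a stopgap; the durable fix is to validate every field and parameterise or escape the query inside the plugin.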
   
 *  Plugin Author [Gary Pendergast](https://wordpress.org/support/users/pento/)
 * (@pento)
 * [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-job-manager-possible-severe-security-issue/#post-2414747)
 * Thanks for the security report! I’m investigating a solution for this now, it
   just needs a bit more testing. 🙂


The topic ‘[Plugin: Job Manager] POSSIBLE SEVERE SECURITY ISSUE’ is closed to new
replies.


 * 2 replies
 * 2 participants
 * Last reply from: [Gary Pendergast](https://wordpress.org/support/users/pento/)
 * Last activity: [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-job-manager-possible-severe-security-issue/#post-2414747)
 * Status: not resolved