WordPress Plugin Vulnerabilities

WPJobBoard < 5.7.0 - Unauthenticated Reflected XSS & XFS

Description

Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the WPJobBoard plugin v5.6.4 for WordPress.

Vulnerable parameters: query, location.

Proof of Concept

Affects Plugins

Plugin icon
wpjobboard
Fixed in 5.7.0

References

URL
https://ex-mi.ru/exploit/[2020-11-11]-[WordPress]-wpjobboard-plugin-v5.6.4.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Submitter
Ex.Mi
Submitter website
https://ex-mi.ru
Verified
Yes
WPVDB ID
4570ffb5-10ff-4dec-a0bd-99d5cd34655d

Timeline

Publicly Published
2020-11-25 (about 5 years ago)
Added
2020-11-25 (about 5 years ago)
Last Updated
2020-11-27 (about 5 years ago)

Other

Published
Title
Published
2026-02-11
Title
Mollie Payments for WooCommerce < 8.1.2 - Reflected Cross-Site Scripting
Published
2024-02-28
Title
Restaurant Solutions – Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-04-29
Title
Front Editor < 4.4.8 - Admin+ Stored XSS
Published
2025-01-24
Title
Download IP2Location Country Blocker < 2.38.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-03-03
Title
Structured Content (JSON-LD) #wpsc < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode