WordPress Plugin Vulnerabilities

Jobs for WordPress < 2.6.0 - Author+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
job-postings
Fixed in 2.6.0

References

CVE
CVE-2022-44743

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
7cea125a-19f3-42bb-b917-0889a0e09aa0

Timeline

Publicly Published
2023-02-02 (about 3 years ago)
Added
2023-04-24 (about 3 years ago)
Last Updated
2023-04-24 (about 3 years ago)

Other

Published
Title
Published
2024-03-25
Title
iCalendrier < 1.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-30
Title
Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-12-21
Title
Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS
Published
2024-11-08
Title
Awesome Fitness Testimonials <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-11-30
Title
UserPro < 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode