Workup – Job Board < 2.1.6 – Unauthenticated Reflected XSS | Theme Vulnerabilities

Affects Themes

Fixed in 2.1.6

References

URL

https://themeforest.net/item/workup-job-board-wordpress-theme/24261784

URL

https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-06-17-workup-job-board-wordpress-theme-v2-1-5.txt

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vlad Vector

Submitter

VLΛD VΞCTOR

Submitter website

https://vladvector.ru

Submitter twitter

Verified

No

WPVDB ID

863fd2c3-c37d-4c80-990c-dbe2d3d6db05

Timeline

Publicly Published

2020-07-13 (about 5 years ago)

Added

2020-07-13 (about 5 years ago)

Last Updated

2020-07-15 (about 5 years ago)

Other

Published

Title

Published

2024-12-19

Title

Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-18

Title

Social Media Plugin by Social Snap < 1.4 - Admin+ Stored XSS

Published

2020-07-29

Title

Reality < 2.5.6 - Multiple Reflected Cross-Site Scripting (XSS)

Published

2021-02-08

Title

Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Unauthorised Arbitrary Plugin Settings Change to Stored XSS

Published

2024-08-28

Title

Premium Portfolio Features for Phlox theme < 2.3.5 - Contributor+ Stored XSS