Careerfy < 3.9.0 – Unauthenticated Reflected Cross-Site Scripting (XSS) | CVE 2022-1169

Affects Themes

careerfy

Fixed in 3.9.0

References

CVE

CVE-2022-1169

URL

https://themeforest.net/item/careerfy-job-board-wordpress-theme/21137053

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Submitter twitter

DanielRufde

Verified

Yes

WPVDB ID

f3a1dcad-528a-4ecc-ac8e-728caa7c9878

Timeline

Publicly Published

2020-06-03 (about 5 years ago)

Added

2020-06-03 (about 5 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2023-09-28

Title

Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2015-03-13

Title

Wpml < 3.1.9 - XSS

Published

2025-05-19

Title

Coupons & Add to Cart by URL Links for WooCommerce < 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-06-26

Title

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - Subscriber+ Stored XSS

Published

2022-05-04

Title

WP Slider <= 1.4.5 - Admin+ Stored Cross-Site Scripting