Themes Vulnerabilities

JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting

Description

Bad input fields data filtering has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'.

Proof of Concept

Affects Themes

jobcareer
Fixed in 2.5.1

References

CVE
CVE-2019-15869
URL
https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
QUIXSS
Submitter
quixss
Submitter website
https://defcon.su
Submitter twitter
@quixss
Verified
No
WPVDB ID
f6da80b6-0954-4898-8966-e6c56ac02a06

Timeline

Publicly Published
2019-04-24 (about 7 years ago)
Added
2019-05-29 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2023-01-11
Title
Flexible Captcha <= 4.1 - Contributor+ Stored XSS
Published
2023-06-28
Title
Layer Slider <= 1.1.9.7 - Contributor+ Stored XSS
Published
2022-10-10
Title
JReviews <= 4.1.5 - Reflected Cross-Site Scripting
Published
2023-05-16
Title
Chaty < 3.1 - Admin+ Stored Cross-Site Scripting
Published
2025-11-04
Title
SMS for WordPress <= 1.1.8 - Reflected Cross-Site Scripting