Jobs for WordPress < 2.7.4 – Contributor+ Stored XSS | CVE 2024-0820 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

1. As a Contributor, navigate to "Add new position"
2. On the page to create a post, in the "Working Hours" add: `<img src=x onerror=alert(1)>`
3. When a higher level user publishes or previews the page, the XSS alert is shown.

Affects Plugins

Fixed in 2.7.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

cyc707

Verified

Yes

WPVDB ID

fc091bbd-7338-4bd4-add5-e46502a9a949

Timeline

Publicly Published

2024-02-21 (about 1 year ago)

Added

2024-02-21 (about 1 year ago)

Last Updated

2024-02-21 (about 1 year ago)

Other

Published

Title

Published

2025-02-10

Title

GeoDirectory – WP Business Directory Plugin and Classified Listings Directory < 2.8.98 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter

Published

2019-04-17

Title

Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)

Published

2014-08-01

Title

SyntaxHighlighter Evolved <= 3.1.9 - Unspecified Cross-Site Scripting (XSS)

Published

2025-03-02

Title

Debug-Bar-Extender <= 0.5 - Reflected Cross-Site Scripting

Published

2024-09-30

Title

RomethemeKit For Elementor < 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting