WPJobBoard <= 5.5.3 - Unauthenticated Stored Cross-Site Scripting (XSS) Issue



Description
"An attacker can submit malicious JavaScript code (persistent XSS) in some fields of the 'add job' form (in the frontend). Then, when an admin wants to edit (or delete) this job in the control page, the malicious payload will be executed."


Edit (WPScanTeam)
February 26th, 2020 - Vendor contacted via their page (https://wpjobboard.net/contact/)
March 5th, 2020 - No response from vendor, disclosing as issue is already public

Affects Plugin

no known fix

References

CVE 2020-9019
URL https://cert.ikiu.ac.ir/public-files/pages/attachments/11/a1f0e3e5aa9ba583298d03758b8ae95c.pdf

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 1096
Verified Yes
WPVDB ID 10113

Timeline

Publicly Published 2020-02-26 (3 months ago)
Added 2020-03-05 (3 months ago)
Last Updated 2020-03-11 (3 months ago)
