JobCareer | Job Board Responsive WordPress Theme 2.5 - Stored XSS



Description
Insufficient filtering of input field data has been discovered in the «JobCareer | Job Board Responsive WordPress Theme».
Proof of Concept
http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/

Register a new account on the demo website: http://jobcareer.chimpgroup.com/ , then go to the «Resume» profile tab: http://jobcareer.chimpgroup.com/candidate-dashboard/?profile_tab=resume . Some of the input fields are vulnerable to stored XSS because of insufficient XSS filtering. Press the «+ Add new» link and use your payload only in the text editor area and only in the «Source» view (</> icon).

Sample payload to bypass XSS filter: <h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">

Affects Theme

fixed in version 2.5.1

References

CVE 2019-15869
URL https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher QUIXSS
Submitter quixss
Submitter Website defcon.su
Submitter Twitter @quixss
Verified No
WPVDB ID 9322

Timeline

Publicly Published 2019-04-24 (5 months ago)
Added 2019-05-29 (4 months ago)
Last Updated 2019-09-03 (18 days ago)
