CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10104 – Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10104
28 Oct 2024 — The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary we... • https://wpscan.com/vulnerability/f0a9c8ae-f2cf-4322-8216-4778b0e37a48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2024-2833 – Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting via job-search
https://notcve.org/view.php?id=CVE-2024-2833
17 Apr 2024 — The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Jobs for WordPress para WordPress es vulnerable a Cross-site Scripting ... • https://plugins.trac.wordpress.org/changeset/3064421/job-postings/trunk/include/shortcodes/class-job-search.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0820 – Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-0820
21 Feb 2024 — The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks El complemento Jobs for WordPress anterior a 2.7.4 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de Cross-Site Scripting Almacenado. The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via "W... • https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26017 – WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-26017
21 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.... • https://patchstack.com/database/vulnerability/job-postings/wordpress-jobs-for-wordpress-plugin-2-5-10-2-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44743 – WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-44743
02 Feb 2023 — Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Auth. • https://patchstack.com/database/vulnerability/job-postings/wordpress-jobs-for-wordpress-plugin-2-5-10-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •