CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10105 – Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10105
25 Mar 2025 — The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1310 – Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read
https://notcve.org/view.php?id=CVE-2025-1310
25 Mar 2025 — The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://plugins.trac.wordpress.org/browser/job-postings/tags/2.7.11/include/class-job-get-uploaded-file.php#L91 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32149 – WordPress Jobs for WordPress plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32149
12 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en BlueGlass Jobs para WordPress permite Reflected XSS. Este problema afecta a Jobs for WordPress: desde n/a hasta 2.7.5. The Jobs for WordPress plugin for WordPress is vulne... • https://patchstack.com/database/vulnerability/job-postings/wordpress-jobs-for-wordpress-plugin-2-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •