WordPress Plugin Vulnerabilities

WP Job Portal < 2.0.6 - Subscriber+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
wp-job-portal
Fixed in 2.0.6

References

CVE
CVE-2023-28534

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Fariq Fadillah Gusti Insani
Verified
No
WPVDB ID
3b68e4d6-396b-4020-a1b1-204eb84cbd61

Timeline

Publicly Published
2023-03-17 (about 1 years ago)
Added
2023-06-22 (about 10 months ago)
Last Updated
2023-10-18 (about 6 months ago)

Other

Published
Title
Published
2021-08-30
Title
Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting
Published
2011-11-20
Title
WP-Cumulus - Cross Site Scripting Vulnerabily
Published
2022-03-01
Title
Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting
Published
2023-09-04
Title
WxSync <= 2.7.23 - Contributor+ Stored XSS
Published
2022-08-30
Title
WP < 6.0.2 - Reflected Cross-Site Scripting