Client-Side Cross Site Scripting Vulnerabilities in WpJobBoard by WordPress
CVE-2017-15375
6.1MEDIUM
What is CVE-2017-15375?
Multiple client-side cross site scripting vulnerabilities have been identified in WpJobBoard version 4.5.1 for WordPress. These security issues reside in the query and id parameters across several modules including wpjb-email, wpjb-job, wpjb-application, and wpjb-membership. Attackers can exploit these vulnerabilities to inject malicious scripts, potentially hijacking admin session credentials through non-persistent attack vectors. Notably, these exploits can occur through GET requests, making it easier for attackers to manipulate backend processes without needing elevated privileges.