Client-Side Cross Site Scripting Vulnerabilities in WpJobBoard by WordPress
CVE-2017-15375

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
WPjobboard
Vendor
CVE Published:
16 October 2017

Summary

Multiple client-side cross site scripting vulnerabilities have been identified in WpJobBoard version 4.5.1 for WordPress. These security issues reside in the query and id parameters across several modules including wpjb-email, wpjb-job, wpjb-application, and wpjb-membership. Attackers can exploit these vulnerabilities to inject malicious scripts, potentially hijacking admin session credentials through non-persistent attack vectors. Notably, these exploits can occur through GET requests, making it easier for attackers to manipulate backend processes without needing elevated privileges.

References

https://www.vulnerability-lab.com/get_content.php?id=1941
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.