Persistent XSS Vulnerability in WPJobBoard Plugin for WordPress
CVE-2020-9019

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 25 February 2020

Summary

The WPJobBoard plugin version 5.5.3 for WordPress is susceptible to a Persistent Cross-Site Scripting (XSS) attack via the Add Job form. Attackers can exploit this vulnerability by inserting malicious scripts into the 'Title' and 'Description' fields, which are then rendered in the browser of any user who views the affected job postings. This allows for the potential theft of user data, session cookies, and other sensitive information, severely compromising the security and integrity of the WordPress site.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
