WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48322

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Edoc Employee Job Application – Best WordPress Job Manager For Employees
Vendor: CVE Published:; 30 November 2023

Summary

A reflected cross-site scripting (XSS) vulnerability exists in the eDoc Employee Job Application, a popular plugin for WordPress. This flaw allows an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information and user sessions. The vulnerability affects versions of the plugin from n/a up to 1.13, emphasizing the need for users to promptly update their installations to mitigate potential risks.

Affected Version(s)

eDoc Employee Job Application – Best WordPress Job Manager for Employees <= 1.13

References

https://patchstack.com/database/vulnerability/edoc-employ...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 14, 2023

Credit

DoYeon Park / p6rkdoye0n (Patchstack Alliance)