WordPress Jobs Plugin Vulnerable to Stored Cross-Site Scripting Attacks

CVE-2024-10104

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: Jobs For WordPress
Vendor: CVE Published:; 15 November 2024

Summary

The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

Affected Version(s)

Jobs for WordPress < 2.7.8

Timeline

Vulnerability published.
Nov 15, 2024
Vulnerability Reserved.
Oct 17, 2024

Collectors

NVD DatabaseMitre Database

Credit

Krugov Artyom

WPScan