Reflected Cross-Site Scripting Vulnerability in JobBoardWP Plugin for WordPress
CVE-2024-10880

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: JobboardWP – Job Board Listings And Submissions
Vendor: CVE Published:; 23 November 2024

What is CVE-2024-10880?

The JobBoardWP plugin for WordPress contains a vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript code. This flaw arises from improper handling of query arguments in URL parameters using functions like add_query_arg and remove_query_arg without adequate escaping. As a result, an attacker can craft malicious links that, when clicked by a user, cause unintended script execution in their browser, potentially compromising user data and site integrity.

Affected Version(s)

JobBoardWP – Job Board Listings and Submissions 0 <= 1.3.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/jobboardwp/tag...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2024

CVE-2024-10880 Data

JSON