WordPress is the WordPress (Wordpress) Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin Simple Job Board in version 2.9.4 and below, which is caused by an under-transparent $job_board_privacy_policy_label variable in ~/admin/settings/class-simple-job-board-settings The $job_board_privacy_policy_label variable is under-escaped in the ~/privacy.php file. An attacker with administrative user access could exploit this vulnerability to inject arbitrary web scripts.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress simple job board | le | 2.9.4 |