WordPress WP Job Manager 1.26.1 Cross Site Scripting

2017-06-15T00:00:00
ID PACKETSTORM:142956
Type packetstorm
Reporter Ehsan Hosseini
Modified 2017-06-15T00:00:00

Description

                                        
                                            `# Exploit Title: Stored Cross-Site Scripting in WP Job Manager  
# Date: 2017-06-15  
# Exploit Author: 0xCode Security Lab , Ehsan Hosseini  
# Software Link:  
https://wordpress.org/plugins/wp-job-manager/  
http://wpjobmanager.com/  
# Version: 1.26.1  
# Contact: info@0xcode.ir  
  
0xCode Lab ID:  
---------------  
0xC-201706-001  
  
Introduction:  
-------------  
WP Job Manager is a lightweight job listing plugin for adding  
job-board like functionality to WordPress sites. A Stored Cross-Site  
Scripting vulnerability was found in the WP Job Manager WordPress  
Plugin.  
  
Proof of Concept (PoC):  
------------------------  
1.From 'Job Listings' menu select 'Add New'  
http://localhost/wordpress/wp-admin/post-new.php?post_type=job_listing  
2.Enter this payload for title of job  
<script>alert('Ehsan Hosseini - Xss Stored')</script>  
and other complete other fields...  
3.Publish  
4.Go the 'All jobs'  
5.Boom Xss Executed.  
  
Disclosure Timeline:  
---------------------  
2017-06-09: Vulnerability found.  
2017-06-10: Reported to vendor.  
2017-06-12: Vendor responded, update released.  
2017-06-15: Public Disclosure.  
  
Fix:  
----  
This issue fixed in WP Job Manager 1.26.2  
  
References:  
------------  
https://github.com/Automattic/WP-Job-Manager/pull/1026  
https://wordpress.org/support/topic/wp-job-manager-1-26-2-released/  
  
Credits & Authors:  
------------------  
0xCode Security Lab , Ehsan Hosseini  
`