29 matches found
Cross site scripting
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
CVE-2012-6713
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
CVE-2012-6713
The CVE-2012-6713 entry concerns the WordPress Job Manager plugin, specifically versions before 0.7.19, which has multiple XSS issues. The vulnerability arises in the plugin’s handling of input to allow execution of client-side scripts, potentially impacting site visitors. Several connected sourc...
CVE-2015-6668
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...
CVE-2015-6668
The WordPress Job Manager plugin vulnerable versions before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...
WordPress Job Manager Plugin <= 0.7.24 - Cross Site Scripting (XSS)
This plugin is prone to a cross site scripting vulnerability, because authenticated administrators can inject HTML or JS code. Vulnerable parameter is "jobman-rating". Solution Update the plugin...
CVE-2015-2321
Cross-site scripting XSS vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field...
CVE-2015-2321
The CVE-2015-2321 entry applies to the WordPress Job Manager plugin (Job Manager Plugin for WordPress) version
WordPress Job Manager Plugin 0.7.22 - Persistent XSS
Job Manager plugin is prone to a persistent XSS vulnerability, because email field was not sanitized. It allows an attacler to steal cookies or perform phishing attacks. Other attacks are also possible. Solution Update the plugin...