CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting

ID WPEX-ID:10289
Type wpexploit
Reporter Daniel Ruf
Modified 2020-07-04T05:00:06


There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp theme, via the filter parameters.

Edit (WPScanTeam)

May 27th, 2020 - Vendor Contacted by Original Submitter.
May 29th, 2020 - v2.3.0 Released. Unclear if issue fixed.
June 18th, 2020 - Another submitter (Vlad Vector) reported the same issue. Report escalated to Envato.
June 18th, 2020 - v2.3.1 released. Issue confirmed to be fixed.