The Job Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.
Go to the job listings page (/index.php/jobs/apply/), then click on "send through your résumé", add the payload ('"><img src=x onerror=prompt(document.cookie);>) to the email field.
The JavaScript will be executed on the admin job manager -> applications -> view details page.