Job Portal <= 0.0.1 - Admin+ Stored Cross-Site Scripting

2021-10-14T00:00:00
ID WPVDB-ID:B8F8B08A-1C80-48E1-9700-D80F95F4D276
Type wpvulndb
Reporter wpvulndb
Modified 2021-10-15T06:47:22

Description

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.