What the vulnerability does
01Description
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
Explanation of Vulnerability in Simple Terms
WP Job Portal versions up to 2.5.2 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. An attacker with low-level site access can craft a malicious link or page that, when visited by another user, executes arbitrary JavaScript in their browser. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
What an attacker can do
Inject and execute malicious JavaScript in other users' browsers to steal sessions, credentials, or perform unauthorized actions.
Potential impact on your site
Authenticated users can be tricked into executing attacker-controlled scripts, risking account compromise and data theft across your site.
Conditions required to exploit
Attacker must have a low-privilege account on the site; victim must click a malicious link or visit a crafted page.
Key dates
External resources
Related vulnerabilities