Job Manager
Monthly
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.0%.
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.0%.
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.