Vulnerabilities and security researches forjob-postings job-postings

Jun 07, 2024

CVE, Research URL: CVE-2024-2833
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Apr 18, 2024
Research Description: The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-26017
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: May 03, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-0820
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Mar 19, 2024
Research Description: The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-44743
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Apr 23, 2023
Research Description: Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32149
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Apr 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5.
Affected versions: Min -, max -.
Status: vulnerable

Nov 17, 2024

CVE, Research URL: CVE-2024-10104
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Nov 15, 2024
Research Description: The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

Mar 26, 2025

CVE, Research URL: CVE-2025-1310
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Mar 26, 2025
Research Description: The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-10105
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Mar 25, 2025
Research Description: The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-50050
Home page URL: Security reports for Jobs for WordPress
Application: Jobs for WordPress
Date: Jun 20, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12.
Affected versions: Min -, max -.
Status: vulnerable