WordPress WP Job Manager plugin version 1.26.1 suffers from a stored cross site scripting vulnerability.
22f715ada1cd2bc8be3ef851254722ce
# Exploit Title: Stored Cross-Site Scripting in WP Job Manager
# Date: 2017-06-15
# Exploit Author: 0xCode Security Lab , Ehsan Hosseini
# Software Link:
https://wordpress.org/plugins/wp-job-manager/
http://wpjobmanager.com/
# Version: 1.26.1
# Contact: [email protected]
0xCode Lab ID:
---------------
0xC-201706-001
Introduction:
-------------
WP Job Manager is a lightweight job listing plugin for adding
job-board like functionality to WordPress sites. A Stored Cross-Site
Scripting vulnerability was found in the WP Job Manager WordPress
Plugin.
Proof of Concept (PoC):
------------------------
1.From 'Job Listings' menu select 'Add New'
http://localhost/wordpress/wp-admin/post-new.php?post_type=job_listing
2.Enter this payload for title of job
<script>alert('Ehsan Hosseini - Xss Stored')</script>
and other complete other fields...
3.Publish
4.Go the 'All jobs'
5.Boom Xss Executed.
Disclosure Timeline:
---------------------
2017-06-09: Vulnerability found.
2017-06-10: Reported to vendor.
2017-06-12: Vendor responded, update released.
2017-06-15: Public Disclosure.
Fix:
----
This issue fixed in WP Job Manager 1.26.2
References:
------------
https://github.com/Automattic/WP-Job-Manager/pull/1026
https://wordpress.org/support/topic/wp-job-manager-1-26-2-released/
Credits & Authors:
------------------
0xCode Security Lab , Ehsan Hosseini