Lucene search

WordfenceCVELIST:CVE-2021-39329

HistoryOct 19, 2021 - 2:14 p.m.

CVE-2021-39329 JobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting

2021-10-1914:14:51

CWE-79

Wordfence

www.cve.org

jobboardwp

xss

vulnerability

admin access

input validation

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

CNA Affected

[
  {
    "product": "JobBoardWP",
    "vendor": "JobBoardWP",
    "versions": [
      {
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "1.0.7",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md

plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165

www.wordfence.com/vulnerability-advisories/#CVE-2021-39329

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON

Related for CVELIST:CVE-2021-39329