Vendor: Job Manager Plugin For Wordpress
By: Owais Mehtab
CVSS: 8.8 (HIGH)
Persistent XSS
CWE: 79
Product Name: Job Manager Plugin For Wordpress
Affected Version From: 2000.7.22
Affected Version To: 2000.7.22
Patch Exists: YES
Related CWE: CVE-2015-2321
CPE: 2.3:a:wp-jobmanager:job_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015
Job Manager Persistent XSS
A persistent cross-site scripting (XSS) vulnerability has been discovered in the Job Manager Plugin. The plugin's email field was not sanitized, so the vulnerability can be easily exploited and used to steal cookies, perform phishing attacks, and carry out various other attacks that compromise the security of a user.
Mitigation:
Upgrade to the latest version of the Job Manager Plugin for WordPress.