CVE-2024-10104

Published Nov 15, 2024

Last updated 11 days ago

CVSS medium 5.9

Overview

Description: The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Source: contact@wpscan.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.9
Impact score: 3.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

CVE-2024-10104 The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perfor… https://t.co/SSuNIiC7hV
@CVEnew
15 Nov 2024
330 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blueglass:jobs_for_wordpress:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F94E74C7-0709-484F-A32C-FA93D38125D9",
            "versionEndExcluding": "2.7.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References