PT-2017-14033 · Wpjobboard

Benjamin Kunz Mejri · Published 2017-10-16 · Updated 2017-11-06

CVE-2017-15375
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WpJobBoard version 4.5.1
Description: The issue concerns multiple client-side (reflected) cross-site scripting vulnerabilities located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. A remote attacker can inject script code that runs in the backend context of the user who opens a crafted link, allowing the attacker to hijack admin session credentials or to drive backend actions through client-side requests. The attack vector is non-persistent, and the request method used for injection is GET. No privileged user account is needed for successful exploitation.
Recommendations: For WpJobBoard version 4.5.1, consider disabling the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules until a patch is available. Avoid using the query and id parameters in these modules to minimize the risk of exploitation.
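The reflected pattern the description refers to, shown beside a hardened handler, as an added illustration that is not WpJobBoard's code. Only the parameter names query and id come from the advisory; the function names, the markup and the constructed sample request are assumptions.

```php
<?php
// Added example (not WpJobBoard code): a reflected-XSS pattern of the kind
// described in the advisory, beside its hardened form. The parameter names
// "query" and "id" come from the advisory; the handler itself is hypothetical.

// Vulnerable pattern: a GET parameter is written straight into the page, so a
// crafted link makes the browser of whoever opens it render the injected
// markup in the context of the site (an admin's backend session included).
function render_search_unsafe(array $get): string
{
    $query = $get['query'] ?? '';
    return '<input name="query" value="' . $query . '">'
         . '<p>Results for ' . $query . '</p>';
}

// Hardened pattern: validate what can be validated (id must be an integer)
// and HTML-encode everything that is reflected. htmlspecialchars() with
// ENT_QUOTES is what WordPress's esc_attr()/esc_html() build on, so inside a
// real plugin those helpers would be used instead of calling it directly.
function render_search_safe(array $get): string
{
    $query = (string) ($get['query'] ?? '');
    $id    = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        $id = 0; // reject anything that is not an integer id
    }
    $enc = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input name="query" value="' . $enc . '">'
         . '<p>Results for ' . $enc . ' (id ' . (int) $id . ')</p>';
}

// Constructed sample request: the shape of value a crafted link would carry.
$sample = ['query' => '"><script>/*injected*/</script>', 'id' => '7abc'];

echo "Unsafe:\n" . render_search_unsafe($sample) . "\n\n";
echo "Safe:\n"   . render_search_safe($sample)   . "\n";

// In the unsafe output the value attribute is closed early and a <script>
// element is emitted verbatim. In the safe output the quote and angle
// brackets are rendered as &quot; &gt; &lt; (inert text), and the non-integer
// id is replaced by 0 rather than echoed.
```

The same two checks are what a reviewer looks for in any WordPress handler that reads a request parameter: is the value validated against the type it is supposed to have, and is it passed through the escaping helper appropriate for the output context (attribute, element body, URL) before being echoed.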

XSS


Weakness Enumeration

Related Identifiers: CVE-2017-15375
Affected Products: Wpjobboard