CVE-2021-24421

Name of the Vulnerable Software and Affected Versions WP JobSearch WordPress plugin versions prior to 1.7.4

Description The issue allows low privilege users to use JavaScript payloads in parameters from the my-resume page, leading to a Stored Cross-Site Scripting issue. This is because the plugin did not sanitise or escape multiple of its parameters before outputting them in the page.

Recommendations For WP JobSearch WordPress plugin versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the my-resume page to minimize the risk of exploitation.