CVE-2021-39335

Name of the Vulnerable Software and Affected Versions: WpGenius Job Listing WordPress plugin versions up to and including 1.0.2

Description: The issue arises from insufficient input validation and sanitization via several parameters in the ~/src/admin/class/class-wpgenious-job-listing-options.php file. This allows attackers with administrative user access to inject arbitrary web scripts. The vulnerability affects multi-site installations where unfiltered html is disabled for administrators, as well as sites where unfiltered html is disabled.

Recommendations: For versions up to and including 1.0.2, update to a version that includes the necessary input validation and sanitization fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrative access to trusted users only and enabling the unfiltered html capability for administrators to minimize the risk of exploitation.