PT-2023-15994 · WordPress · Resume Builder

Lana Codes · Published 2023-03-06 · Updated 2023-03-11 · CVE-2023-0078

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Resume Builder WordPress plugin versions 3.1.1 and earlier

Description

The issue allows users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users. This is due to the plugin not sanitizing and escaping some parameters related to Resume.

Recommendations

For Resume Builder WordPress plugin versions 3.1.1 and earlier, update to a version later than 3.1.1 to resolve the issue. As a temporary workaround, consider restricting the use of the Resume feature to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2023-0078

Affected Products

Resume Builder