CVE-2024-10887

Name of the Vulnerable Software and Affected Versions NiceJob plugin for WordPress versions prior to 3.6.5

Description The issue is related to Stored Cross-Site Scripting via several of the plugin's shortcodes, including nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, and nicejob-stories, due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations Update to the latest version (3.6.5) immediately to protect your site. As a temporary workaround, consider restricting access to the vulnerable shortcodes until the update is applied.