Vulnerabilities > CVE-2023-3328 - Unspecified vulnerability in Custom Field for WP JOB Manager Project Custom Field for WP JOB Manager 1.1

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

custom-field-for-wp-job-manager-project

NVD

Published: 2023-08-14

Updated: 2024-11-21

Summary

The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Vulnerable Configurations

Part	Description	Count
Application	Custom_Field_For_Wp_Job_Manager_Project Custom Field FOR WP JOB Manager Project Custom Field FOR WP JOB Manager - Custom Field FOR WP JOB Manager Project Custom Field FOR WP JOB Manager 1.1	2

References

https://wpscan.com/vulnerability/d8b76875-cf7f-43a9-b88b-d8aefefab131
https://wpscan.com/vulnerability/d8b76875-cf7f-43a9-b88b-d8aefefab131