Exploit Title: WordPress Plugin JobBoardWP – Job Board Listings and Submissions —— Stored Cross-Site Scripting
Vendor Homepage: https://wordpress.org/plugins/jobboardwp/
- Job Board >> Add New Job >> Add title and others >> Add title and enter the XSS payload :
- Click Publish,You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload is executing successfully and we are getting a pop-up.
3.Vulnerability proof: