CVE-2024-10105
📋 TL;DR
The Job Postings WordPress plugin before version 2.7.11 contains a stored cross-site scripting (XSS) vulnerability in plugin settings. This allows authenticated users with contributor-level privileges or higher to inject malicious scripts that execute when other users view affected pages. The vulnerability is particularly concerning in WordPress multisite installations where unfiltered_html capabilities are restricted.
💻 Affected Systems
- Job Postings WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker with contributor access could inject malicious JavaScript that steals administrator session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Malicious contributors could inject advertising scripts, deface content, or steal user session data from visitors viewing job postings or plugin settings pages.
If Mitigated
With proper user role management and content security policies, impact is limited to potential content defacement within the plugin's interface.
🎯 Exploit Status
Exploitation requires contributor-level access or higher. The vulnerability is publicly documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.11
Vendor Advisory: https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Job Postings' plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 2.7.11+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable the vulnerable plugin until patched
wp plugin deactivate job-postings
Restrict User Roles
allTemporarily remove contributor and author roles from untrusted users
wp user remove-role <username> contributor
wp user remove-role <username> author
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use WordPress security plugins that filter malicious input at the application level
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is below 2.7.11, system is vulnerable.Check Version:
wp plugin get job-postings --field=versionVerify Fix Applied:
Verify plugin version is 2.7.11 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to job posting settings endpoints
- JavaScript payloads in plugin setting updates
Network Indicators:
- External script loads from job posting pages
- Suspicious outbound connections from admin users viewing plugin settings
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin.php?page=job-postings" OR plugin_name="job-postings") AND (http_method="POST" OR contains(message, "<script>"))