CVE-2024-35759
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in the WP Job Portal WordPress plugin allows attackers to inject malicious scripts into web pages. When exploited, these scripts execute in the browsers of users who view the compromised pages, potentially stealing session cookies or performing unauthorized actions. The vulnerability affects all versions up to 2.1.3.
💻 Affected Systems
- WP Job Portal WordPress Plugin
📦 What is this software?
Wp Job Portal by Wpjobportal
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress admin accounts, install backdoors, deface websites, or redirect users to malicious sites.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies or credentials, potentially compromising user accounts and sensitive data.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before execution, preventing exploitation.
🎯 Exploit Status
XSS vulnerabilities are commonly weaponized. This appears to require admin access based on the advisory mentioning 'admin cross-site scripting', making authenticated exploitation likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.4 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WP Job Portal. 4. Click 'Update Now' if update available. 5. If no update appears, manually download version 2.1.4+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable WP Job Portal Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate wp-job-portal
Implement Content Security Policy (CSP)
allAdd CSP headers to restrict script execution sources
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to wp-config.php: header("Content-Security-Policy: default-src 'self'; script-src 'self'");
🧯 If You Can't Patch
- Disable the WP Job Portal plugin immediately
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for WP Job Portal versionCheck Version:
wp plugin get wp-job-portal --field=versionVerify Fix Applied:
Verify WP Job Portal version is 2.1.4 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to job portal endpoints with script tags
- Admin user actions from unexpected IP addresses or locations
Network Indicators:
- Outbound connections to suspicious domains from WordPress server
- Unexpected JavaScript loading from job portal pages
SIEM Query:
source="wordpress.log" AND ("wp-job-portal" AND ("<script" OR "javascript:" OR "onerror=" OR "onload="))🔗 References
- https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve
