Aggregates CVE and security vulnerability intelligence across all BlueGlass-related products, including CVSS and EPSS scores, publication dates, and vulnerability intelligence data.
Common weakness patterns include cross-site scripting, with session compromise as the potential impact across production workloads and software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-10105 | The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | [email protected] | 5.9 | 0.06% | 2025-03-25 | 2025-04-02 |
| CVE-2024-10104 | The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | [email protected] | 5.9 | 0.17% | 2024-11-15 | 2025-04-11 |
| CVE-2024-2833 | The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 6.1 | 1.27% | 2024-04-18 | 2026-04-08 |
| CVE-2024-32149 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS. This issue affects Jobs for WordPress: from n/a through 2.7.5. | [email protected] | 7.1 | 0.23% | 2024-04-15 | 2026-04-28 |
| CVE-2024-0820 | The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.17% | 2024-03-18 | 2025-03-28 |
| CVE-2023-26017 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. | [email protected] | 5.9 | 0.21% | 2023-05-03 | 2024-11-21 |
| CVE-2022-44743 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. | [email protected] | 6.5 | 0.18% | 2023-04-23 | 2024-11-21 |