CVE-2020-9019: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2020-9019 affects the WPJobBoard plugin version 5.5.3 for WordPress. This security flaw was discovered and initially reported on February 16, 2020, and involves a Persistent Cross-Site Scripting (XSS) vulnerability in the Add Job form functionality. The vulnerability was publicly disclosed on February 26, 2020, and a fix was later released in version 5.6.0 (WPScan).

The vulnerability is classified as a Persistent Cross-Site Scripting (XSS) issue, identified under CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 6.1 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The technical nature of the vulnerability allows attackers to submit malicious JavaScript code through specific fields in the 'add job' form on the frontend (NVD, WPScan).

When exploited, the vulnerability allows attackers to store malicious JavaScript code that gets executed when an administrator attempts to edit or delete the affected job posting in the control page. This creates a persistent security risk that could compromise admin sessions and potentially lead to unauthorized actions (WPScan).

The vulnerability was addressed in WPJobBoard version 5.6.0, released on May 21, 2020. Users are strongly advised to upgrade to this version or later to mitigate the security risk. The vendor was initially contacted on February 26, 2020, but due to no response and the public nature of the issue, the vulnerability was disclosed on March 5, 2020 (WPScan).