CVE-2024-10104: 
WordPress vulnerability analysis and mitigation

The Jobs for WordPress plugin versions before 2.7.8 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered by Krugov Artyom and was publicly disclosed on October 25, 2024. This security issue affects the job settings functionality within the plugin, specifically impacting users with contributor-level privileges or higher (WPScan).

The vulnerability stems from insufficient sanitization and escaping of job settings within the plugin. It has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-79 (Cross-Site Scripting) and is listed as part of the OWASP Top 10 under A7: Cross-Site Scripting (XSS) (NVD, WPScan).

When exploited, this vulnerability allows authenticated users with contributor-level access to perform stored Cross-Site Scripting attacks. The impact is considered medium severity, with potential for compromising confidentiality, integrity, and availability of the affected system (WPScan).

The vulnerability has been patched in version 2.7.8 of the Jobs for WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).