CVE-2024-43997: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the easy.Jobs EasyJobs WordPress plugin versions through 2.4.14. The vulnerability was disclosed on October 17, 2024, and assigned identifier CVE-2024-43997. This security issue affects the WordPress plugin easy.Jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability allows for Reflected XSS attacks, which could enable attackers to execute malicious scripts in users' browsers (Patchstack).

The vulnerability could allow attackers to execute malicious scripts in users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session (Patchstack).

Users are advised to update to version 2.4.15 or later of the easy.Jobs plugin to resolve this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).