CVE-2015-2321

Job Manager < 0.7.22 - Cross-Site Scripting via Email Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2321. PoCs published by Owais Mehtab.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the Job Manager Plugin for WordPress (version <= 0.7.22). The vulnerability arises due to insufficient sanitization of the email field, allowing arbitrary JavaScript execution when a malicious payload is injected.

Description

Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.

Exploits (1)

exploitdb WORKING POC
by Owais Mehtab · textwebappsphp
https://www.exploit-db.com/exploits/37738

This exploit demonstrates a persistent XSS vulnerability in the Job Manager Plugin for WordPress (version <= 0.7.22). The vulnerability arises due to insufficient sanitization of the email field, allowing arbitrary JavaScript execution when a malicious payload is injected.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Job Manager Plugin for WordPress <= 0.7.22
No auth needed
Prerequisites: Access to the 'send through your résume' feature in the plugin
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37738/
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8129

Scores

EPSS 0.0489
EPSS Percentile 91.0%

Details

CWE
CWE-79
Status published
Products (1)
job_manager_project/job_manager < 0.7.22
Published Aug 13, 2015
Tracked Since Feb 18, 2026