JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

Description

In the theme JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.

Note (WPScanTeam): It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9.

Proof of Concept

https://example.com/resumes/?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E