CVE-2023-0078: CWE-79 Cross-Site Scripting (XSS) in Unknown Resume Builder
The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users.
AI Analysis
Technical Summary
CVE-2023-0078 is a medium-severity stored cross-site scripting vulnerability (CWE-79) in the Resume Builder WordPress plugin, affecting versions up to and including 3.1.1. The plugin fails to sanitize and escape certain parameters related to resume data, so a user with minimal privileges, specifically the subscriber role, can inject scripts that are stored persistently within the application. When higher-privileged users, such as administrators or editors, view the affected resume data, the scripts execute in their browsers. This can lead to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim user.
The CVSS 3.1 base score is 5.4 (medium severity): network attack vector, low attack complexity, low privileges required (PR:L), and user interaction required (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. Confidentiality and integrity impacts are low, and availability is not affected. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided in the source data. The vulnerability was published on March 6, 2023; the CVE was assigned by WPScan and enriched by CISA. The vendor is listed as unknown, which suggests a less widely known or niche plugin, but as a WordPress plugin it could still be installed on many sites, especially those offering resume-building features.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the presence of the Resume Builder plugin on their WordPress sites. Organizations using this plugin to allow users or customers to create and manage resumes could be at risk of stored XSS attacks. Such attacks could lead to compromise of administrative accounts, unauthorized data access, or manipulation of website content. This is particularly concerning for HR departments, recruitment agencies, educational institutions, and job boards that rely on WordPress-based resume management. Exploitation could result in data leakage, reputational damage, and potential regulatory consequences under GDPR if personal data is exposed or manipulated. Since the attack requires a low-privilege user to inject scripts and a higher-privilege user to trigger them, internal threat actors or compromised subscriber accounts pose a significant risk. The lack of known exploits reduces immediate urgency but does not eliminate risk, as attackers may develop exploits in the future. The medium severity rating suggests that while the vulnerability is not critical, it should be addressed promptly to prevent escalation.
Mitigation Recommendations
1. Immediate mitigation involves auditing WordPress sites for the presence of the Resume Builder plugin and identifying versions up to 3.1.1.
2. If an updated patched version is released, promptly apply the update. In the absence of an official patch, consider temporarily disabling or uninstalling the plugin to eliminate exposure.
3. Implement strict role and permission management to limit subscriber capabilities and monitor for suspicious activity from low-privilege accounts.
4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting resume-related parameters.
5. Conduct code reviews or use security plugins that sanitize and escape user inputs to prevent injection of malicious scripts.
6. Educate administrators and users about the risks of clicking on suspicious links or content within the admin interface.
7. Monitor logs for unusual behavior indicative of attempted exploitation.
8. Consider deploying Content Security Policy (CSP) headers to restrict script execution sources, mitigating impact if exploitation occurs.
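The audit in step 1 can be scripted. The following Python is an added example, not part of the original advisory or of the plugin: it reads the standard WordPress plugin header of every plugin file under `wp-content/plugins` and reports copies named "Resume Builder" at or below 3.1.1. Matching on the `Plugin Name` header is an assumption made because the advisory does not give the plugin's directory name, so hits should be confirmed against the WPScan entry; the sample tree, its directory names and its version numbers are constructed.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_NAME = "resume builder"  # plugin name from the advisory, matched case-insensitively
LAST_AFFECTED = (3, 1, 1)         # advisory: "through 3.1.1"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """'3.1.1' -> (3, 1, 1); trailing zeros dropped so '3.1.1.0' == '3.1.1'. None if no digits."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums) if re.search(r"\d", text) else None

def read_headers(php_file):
    """Header fields from the first 8 KiB, the region WordPress itself parses."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}

def find_affected(wp_root):
    """Return [(relative path, version)] for Resume Builder copies at or below 3.1.1."""
    root = Path(wp_root)
    plugins = root / "wp-content" / "plugins"
    hits = []
    for php in sorted([*plugins.glob("*.php"), *plugins.glob("*/*.php")]):
        fields = read_headers(php)
        if fields.get("plugin name", "").lower() != AFFECTED_NAME:
            continue
        version = parse_version(fields.get("version", ""))
        # Fail closed: a copy with no readable version is reported for manual review.
        if version is None or version <= LAST_AFFECTED:
            hits.append((php.relative_to(root).as_posix(), fields.get("version", "unknown")))
    return hits

def build_sample_tree(root):
    """Constructed sample install; directory names and versions are made up for the demo."""
    samples = {"rb-old/rb.php": ("Resume Builder", "3.1.1"),
               "rb-new/rb.php": ("Resume Builder", "3.2"),   # stands for any later release
               "other/other.php": ("Contact Form", "1.0")}
    for rel, (name, ver) in samples.items():
        path = Path(root) / "wp-content" / "plugins" / rel
        path.parent.mkdir(parents=True)
        path.write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in find_affected(tmp):
            print(f"AFFECTED {path} (version {version})")
```

Point `find_affected()` at the document root of each site; a deactivated copy is still reported, which is intended, since the files remain on disk until the plugin is uninstalled.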
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2023-01-05T08:01:01.093Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981fc4522896dcbdc3c9
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/7/2025, 12:24:51 AM
Last updated: 8/14/2025, 5:57:54 AM