PT-2025-41558 · WordPress+1 · Wp Jobhunt+1
Meghnine Islem · Published 2025-10-10 · Updated 2025-10-10 · CVE-2025-7781
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP JobHunt plugin for WordPress versions prior to 7.7
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, has a flaw that allows malicious code to be stored and executed when a user views an affected page. This is due to a lack of proper handling of user-supplied data. An authenticated attacker with Candidate-level access or higher can inject arbitrary web scripts through the cs job title parameter. This allows the attacker to execute scripts in the context of a user’s browser when they access the compromised page.
Recommendations
Update the WP JobHunt plugin to version 7.7 or later.
Fix
XSS
Affected Products
Jobcareer
Wp Jobhunt