PT-2025-48008 · WordPress+1 · Wordpress+1

Jamshed Yergashvoyev · Published 2025-11-25 · Updated 2025-11-25 · CVE-2025-13383

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Job Board by BestWebSoft plugin for WordPress versions up to and including 1.2.1

Description

The plugin is susceptible to Stored Cross-Site Scripting. The issue arises from storing unsanitized data from the `$_GET` superglobal array directly into the database using the `update_user_meta()` function when users save search results. This data is then output without proper escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts execute when a user accesses the saved search or views their profile, provided the attacker can induce the user to save the search results. The vulnerability allows for the injection of malicious scripts via the `$_GET` parameters.

Recommendations

Update the Job Board by BestWebSoft plugin to a version beyond 1.2.1.
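
The store-then-echo pattern named in the description, shown beside a hardened form. This is an added example, not the plugin's code: the function names, meta key, field names and nonce action are hypothetical, while the WordPress API calls are the real ones.

```php
<?php
// Added illustration. Function names, meta key, field list and nonce action
// are hypothetical; they are not taken from the Job Board plugin source.
const JBX_META_KEY = 'jbx_saved_search';
const JBX_FIELDS   = array( 'keyword', 'location', 'category' );

// Vulnerable pattern from the description: raw $_GET is written to user meta
// and later echoed without escaping.
function jbx_save_search_vulnerable( $user_id ) {
    update_user_meta( $user_id, JBX_META_KEY, $_GET );
}
function jbx_render_saved_search_vulnerable( $user_id ) {
    foreach ( (array) get_user_meta( $user_id, JBX_META_KEY, true ) as $name => $value ) {
        echo '<li>' . $name . ': ' . $value . '</li>';
    }
}

// Hardened save: a nonce ties the request to a form the site itself rendered,
// only allow-listed scalar fields are kept, and each value is sanitized.
function jbx_save_search_hardened( $user_id ) {
    if ( ! is_user_logged_in() || get_current_user_id() !== (int) $user_id ) {
        return false;
    }
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'jbx_save_search' ) ) {
        return false;
    }
    $clean = array();
    foreach ( JBX_FIELDS as $field ) {
        if ( isset( $_GET[ $field ] ) && is_scalar( $_GET[ $field ] ) ) {
            $clean[ $field ] = sanitize_text_field( wp_unslash( $_GET[ $field ] ) );
        }
    }
    update_user_meta( $user_id, JBX_META_KEY, $clean );
    return true;
}

// Hardened render: escape at output no matter what storage holds, so rows
// written by an older, unpatched version are also neutralized.
function jbx_render_saved_search_hardened( $user_id ) {
    $saved = get_user_meta( $user_id, JBX_META_KEY, true );
    foreach ( is_array( $saved ) ? $saved : array() as $name => $value ) {
        if ( in_array( $name, JBX_FIELDS, true ) && is_scalar( $value ) ) {
            printf( '<li>%s: %s</li>', esc_html( $name ), esc_html( (string) $value ) );
        }
    }
}
```

Output escaping is the control that matters for data already stored: meta rows saved before an update stay in the database and are only safe if every render path escapes them.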

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-13383

Affected Products

Job Board
WordPress