Impact
The vulnerability is a reflected Cross Site Scripting flaw that allows an unauthenticated attacker to inject malicious scripts into the WPJobster theme when a request containing crafted user input is processed. Because the input is rendered without proper sanitization, the injected script executes in the browsers of visitors who view the affected page.
Affected Systems
The WPJobster WordPress theme, all releases up to and including version 6.3.5, is affected. No other WordPress core modules are listed as impacted.
Risk and Exploitability
The CVSS base score of 7.1 indicates high severity. No EPSS value is available, so the probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker can trigger the flaw remotely by sending a crafted request (e.g., URL or form input) to a live site that incorporates WPJobster's user‑input handling.
OpenCVE Enrichment