Description
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Published: 2026-06-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a reflected Cross Site Scripting flaw that allows an unauthenticated attacker to inject malicious scripts into the WPJobster theme when a request containing crafted user input is processed. Because the input is rendered without proper sanitization, the injected script executes in the browsers of visitors who view the affected page.

Affected Systems

The WPJobster WordPress theme, all releases up to and including version 6.3.5, is affected. No other WordPress core modules are listed as impacted.

Risk and Exploitability

The CVSS base score of 7.1 indicates high severity. No EPSS value is available, so the probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker can trigger the flaw remotely by sending a crafted request (e.g., URL or form input) to a live site that incorporates WPJobster's user‑input handling.

Generated by OpenCVE AI on June 18, 2026 at 14:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WPJobster to version 6.4 or newer, which removes the reflected XSS vectors.
  • If an upgrade cannot be performed immediately, block or delete any theme functionality that accepts user input via query strings or form parameters until the patch is applied.
  • Implement a Content Security Policy that restricts trusted script sources to mitigate the impact of any remaining unfiltered user input.

Generated by OpenCVE AI on June 18, 2026 at 14:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Jobster Marketplace
Jobster Marketplace wpjobster
Wordpress
Wordpress wordpress
Vendors & Products Jobster Marketplace
Jobster Marketplace wpjobster
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Title WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Jobster Marketplace Wpjobster
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:32:57.668Z

Reserved: 2026-01-07T12:21:11.736Z

Link: CVE-2026-22339

cve-icon Vulnrichment

Updated: 2026-06-17T15:32:52.530Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:04:34Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')