Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS.

This issue affects WP Job Portal: from n/a through 2.5.1.
Published: 2026-06-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is caused by improper neutralization of user input during web page generation in the Ahmad WP Job Portal plugin, enabling a reflected XSS vulnerability. Malicious script injected by an attacker can run in the browser of any user who views an affected page, potentially leading to session hijacking, defacement, or phishing attacks.

Affected Systems

All installations of the Ahmad WP Job Portal plugin through version 2.5.1, including earlier releases, are affected. Any WordPress site that has this plugin installed and has not applied the 2.5.2 update is vulnerable.

Risk and Exploitability

With a CVSS score of 7.1, the vulnerability is considered high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog. The likely attack vector is reflected XSS: an attacker can craft a URL, HTML form or seemingly innocuous input that, when processed by the plugin, injects executable JavaScript into the page rendered for the victim. No special authentication or network conditions are required, implying that any user who can trigger the vulnerable path is at risk.

Generated by OpenCVE AI on June 2, 2026 at 12:21 UTC.

Remediation

Vendor Solution

Update the WordPress WP Job Portal Plugin to the latest available version (at least 2.5.2).


OpenCVE Recommended Actions

  • Update the WordPress WP Job Portal plugin to version 2.5.2 or later as released by the vendor.
  • If the upgrade cannot be performed immediately, deactivate or uninstall the WP Job Portal plugin to eliminate the vulnerable entry point until a patch is applied.
  • Implement an appropriate Content Security Policy on the site to restrict inline scripts and disallow execution of untrusted JavaScript, thereby mitigating the impact of any remaining reflected XSS vectors.


Advisories

No advisories yet.

History

Tue, 02 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 02 Jun 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. |
| Title | | WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-02T12:10:38.070Z

Reserved: 2026-04-29T09:04:56.882Z

Link: CVE-2026-42685

Vulnrichment

Updated: 2026-06-02T12:10:33.395Z

NVD

Status: Deferred

Published: 2026-06-02T12:16:17.970

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-42685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T12:30:08Z

Weaknesses