Impact
The CVE description indicates a subscriber Cross Site Scripting issue in WP Job Portal versions up to 2.5.2. The precise nature of the flaw (whether stored or reflected) and the exact attack surface (e.g., job posting or applicant forms) are not explicitly detailed. Based on typical XSS behavior and the plugin’s functionality, it is inferred that attackers could inject malicious JavaScript into job‑related content that is later rendered in the browsers of site visitors. Inferred exploitation can enable session cookie theft, site defacement, or malware delivery, consistent with CWE‑79: Improper Neutralization of Input During Web Page Generation.
Affected Systems
The WP Job Portal plugin developed by Ahmad is affected in all releases up to and including version 2.5.2. Updating to 2.5.3 or later removes the vulnerability. No other WordPress components are listed as impacted.
Risk and Exploitability
The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1 % indicates a low current likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Although the CVE does not specify exploitation details, it can be inferred that an attacker would need to introduce malicious JavaScript into content that the plugin subsequently renders. The attack vector is likely user‑based or via the web interface used to submit job listings or applicant data, but this is not explicitly documented. The potential impact remains significant for sites that accept job submissions, as injected scripts could hijack user sessions or facilitate phishing.
OpenCVE Enrichment