Description
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Published: 2026-06-29
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated Cross Site Scripting is present in WordPress Jobify Theme versions up to 4.3.2, allowing an attacker to inject malicious scripts into web pages rendered by the theme. The flaw is a classic Reflected XSS vulnerability (CWE-79) that can compromise user data, execute arbitrary code in a victim’s browser, and lead to session hijacking or defacement.

Affected Systems

The vulnerability affects Astoundify’s Jobify WordPress theme for all installations running version 4.3.2 or earlier. Any site that relies on this theme without upgrading to 4.3.3 or later is potentially exposed.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity, and because the flaw is unauthenticated, any external actor can trigger it by sending malicious input. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. An adversary can exploit the weakness by visiting a crafted URL or submitting malicious form data to the theme’s front‑end components, causing the injected script to run in the browser context of unsuspecting visitors.

Generated by OpenCVE AI on June 29, 2026 at 17:05 UTC.

Remediation

Vendor Solution

Update the WordPress Jobify Theme to the latest available version (at least 4.3.3).

OpenCVE Recommended Actions

  • Upgrade the Jobify Theme to version 4.3.3 or later to eliminate the XSS flaw.
  • Implement a content security policy that disallows inline scripts and only permits scripts from trusted origins to mitigate potential XSS payloads.
  • Review any custom code or widgets that reference deprecated Jobify functions and update or remove them to eliminate any residual injection points.

Generated by OpenCVE AI on June 29, 2026 at 17:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Astoundify
Astoundify jobify
Wordpress
Wordpress wordpress
Vendors & Products Astoundify
Astoundify jobify
Wordpress
Wordpress wordpress

Mon, 29 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Title WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Astoundify Jobify
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-29T15:15:44.694Z

Reserved: 2026-06-24T12:45:19.179Z

Link: CVE-2026-57336

cve-icon Vulnrichment

Updated: 2026-06-29T15:15:24.203Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T20:45:03Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')