WP JobHunt Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the WP JobHunt plugin for WordPress, in versions through 7.7. It arises from missing validation of a user-controlled key in the 'cs_update_application_status_callback' function. As a result, authenticated attackers with Candidate-level access or higher can cause the site to send a site-generated email containing injected HTML to any user.

Impact

Exploitation allows HTML to be injected into emails that the site sends to its users. Because the message is generated by the site itself, it could be used for phishing or other malicious purposes.

Added: Dec 20, 2025, 2:19 PM
Updated: Dec 20, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 5.4
remediation: 0.0
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.