Volerion logoVolerion
Volerion logoVolerion

WP JobHunt Plugin Missing Capability Check Vulnerability Allowing Stored Cross-Site Scripting

Vulnerability

A vulnerability in the WP JobHunt plugin for WordPress, utilized by the JobCareer theme, allows for unauthorized data modification. This issue arises from a lack of proper capability checks in the 'cs_update_application_status_callback' function, affecting all versions up to and including 7.7. The vulnerability enables authenticated attackers with Candidate-level access or higher to inject cross-site scripting (XSS) into the 'status' parameter of job applications, impacting any user.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the job application.

Added: Dec 20, 2025, 2:18 PM
Updated: Dec 20, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
1.7
exploitability
5.2
remediation
0.0
relevance
1.6
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.