VYPR
Medium severity 6.5 · NVD Advisory · Published Jun 20, 2025 · Updated Apr 23, 2026

CVE-2025-50050

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through <= 2.7.14.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Jobs for WordPress plugin (≤2.7.14) allows low-privilege attackers to inject malicious scripts into job postings, requiring user interaction to trigger.

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the BlueGlass Interactive AG Jobs for WordPress plugin (job-postings). The plugin fails to properly neutralize input during web page generation, allowing attackers to inject arbitrary scripts that are saved and later executed when visitors view affected job postings [1].

Exploitation requires a privileged user (such as an administrator) to perform an action like clicking a malicious link or visiting a crafted page. This interaction enables the attacker to inject scripts, which then execute in the context of other users' browsers [1].

If exploited, an attacker can inject malicious scripts such as redirects, advertisements, or other HTML payloads. These scripts execute when guests visit the site, potentially leading to data theft, defacement, or further compromise [1].

The vulnerability affects all versions up to and including 2.7.14. A patch is available in version 2.7.15. Users are advised to update immediately or enable auto-update via Patchstack. Although the vendor rates the severity as low, the CVSS v3 score of 6.5 (Medium) indicates a notable risk [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1
