VYPR

WP JobHunt

by JobCareer

CVEs (2)

  • CVE-2025-6585HigJul 22, 2025
    risk 0.53cvss 8.1epss 0.00

    The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers,…

  • CVE-2025-7781MedOct 10, 2025
    risk 0.42cvss 6.4epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for…