CVE-2025-7782
📋 TL;DR
The WP JobHunt plugin for WordPress (used by JobCareer theme) has a missing capability check that allows authenticated attackers with Candidate-level access or higher to inject cross-site scripting (XSS) into job application status fields. This vulnerability affects all versions up to and including 7.7, potentially compromising any WordPress site using this plugin/theme combination.
💻 Affected Systems
- WP JobHunt plugin
- JobCareer WordPress theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious JavaScript that steals administrator credentials, hijacks user sessions, defaces websites, or installs backdoors when administrators view job applications.
Likely Case
Attackers inject malicious scripts that steal user session cookies or redirect users to phishing sites when viewing job application status pages.
If Mitigated
With proper input validation and output escaping, the impact is limited to minor data integrity issues without code execution.
🎯 Exploit Status
Exploitation requires authenticated access (Candidate role or higher) and knowledge of the vulnerable endpoint. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 7.8 or later
Vendor Advisory: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
Restart Required: No
Instructions:
1. Update WP JobHunt plugin to version 7.8 or later. 2. If using JobCareer theme, ensure it's updated to latest version. 3. Verify the update applied correctly by checking plugin version in WordPress admin.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable WP JobHunt plugin until patched version is available
wp plugin deactivate wp-jobhunt
Capability Restriction
allUse WordPress role management plugins to restrict 'edit_posts' capability for Candidate roles
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in POST requests to job application endpoints.
- Disable job application functionality or restrict Candidate role registrations until patch can be applied.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > WP JobHunt. If version is 7.7 or lower, the system is vulnerable.Check Version:
wp plugin get wp-jobhunt --field=versionVerify Fix Applied:
After updating, verify WP JobHunt plugin version shows 7.8 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=cs_update_application_status containing script tags or JavaScript in status parameter
- Unusual modifications to job application status fields from Candidate-level users
Network Indicators:
- HTTP POST requests containing malicious script payloads to WordPress admin-ajax endpoints
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "cs_update_application_status" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")