CVE-2025-57887: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in NooTheme Jobmonster theme affecting versions through 4.8.0. The vulnerability was disclosed on August 22, 2025, and assigned identifier CVE-2025-57887. The issue allows attackers to perform stored XSS attacks against the WordPress theme (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It received a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The attack vector is network-based, requires low attack complexity, low privileges, and user interaction (AttackerKB).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

The vulnerability has been patched in version 4.8.1 of the Jobmonster theme. Users are advised to update to version 4.8.1 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).