CVE-2025-7781: 
WordPress vulnerability analysis and mitigation

The WP JobHunt plugin for WordPress, used by the JobCareer theme, contains a Stored Cross-Site Scripting vulnerability (CVE-2025-7781) discovered in October 2025. The vulnerability affects all versions up to and including 7.6, specifically in the 'csjobtitle' parameter. This security issue impacts WordPress installations using the JobCareer theme with the WP JobHunt plugin (NVD Database, Wordfence Intel).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79. It has received a CVSS v3.1 Base Score of 6.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The security flaw stems from insufficient input sanitization and output escaping in the 'csjobtitle' parameter (NVD Database).

When successfully exploited, this vulnerability allows authenticated attackers with Candidate-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever users access the compromised pages, potentially leading to unauthorized data access or manipulation of user interactions (NVD Database).

Users should upgrade their WP JobHunt plugin to a version newer than 7.6 once available. Until then, site administrators should implement strict user access controls and regularly monitor for suspicious activities in job posting titles (NVD Database).