Vulnerability Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers with Candidate-level access and above to inject cross-site scripting payloads into the 'status' parameter of applied jobs for any user.
CVSS Score
HIGH
References
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/1422
- https://www.wordfence.com/threat-intel/vulnerabilities/id/af063570-43f7-4bf4-850
FAQ
What is CVE-2025-7782?
CVE-2025-7782 is a vulnerability with a CVSS score of 7.6 (HIGH). See the Vulnerability Description above for the full details.
How severe is CVE-2025-7782?
CVE-2025-7782 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-7782?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.