Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from Vendor (Patchstack) · only source for this CVE.
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5.
AnalysisAI
Reflected cross-site scripting in the NooTheme Jobmonster WordPress job-board theme (versions up to and including 4.8.5) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Because the flaw carries a scope change (S:C), successful exploitation can affect resources beyond the vulnerable component, such as the authenticated WordPress session of an administrator who is lured into clicking. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours: inventory all WordPress instances running NooTheme Jobmonster 4.8.5 or earlier and immediately deactivate the theme in production or restrict access to job-board pages via firewall/reverse-proxy rules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jobmonster
View allIn the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search
A blind SQL injection vulnerability exists in the NooTheme Jobmonster WordPress theme that allows unauthenticated attack
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not in
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43450