Skip to main content

Addon Jobsearch Chat

2 CVEs product

Monthly

CVE-2026-25377 CRITICAL Act Now

A SQL injection vulnerability exists in the eyecix Addon Jobsearch Chat plugin for WordPress, affecting all versions through 3.0, that allows attackers to execute arbitrary SQL commands against the underlying database. The vulnerability stems from improper neutralization of special SQL characters in user-supplied input, classified under CWE-89 (SQL Injection). While no CVSS score or EPSS metric is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD tracking ID EUVD-2026-15695, indicating active awareness in vulnerability tracking systems.

SQLi Addon Jobsearch Chat
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-25376 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the eyecix Addon Jobsearch Chat plugin for WordPress, affecting versions up to and including 3.0. An attacker can inject malicious scripts into user-controlled input that is reflected back in the web page without proper sanitization, allowing them to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites. No CVSS score, EPSS probability, or active KEV designation is available; however, the vulnerability is confirmed via Patchstack and carries a European vulnerability database entry (EUVD-2026-15694).

XSS Addon Jobsearch Chat
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 9.3
CRITICAL Act Now

A SQL injection vulnerability exists in the eyecix Addon Jobsearch Chat plugin for WordPress, affecting all versions through 3.0, that allows attackers to execute arbitrary SQL commands against the underlying database. The vulnerability stems from improper neutralization of special SQL characters in user-supplied input, classified under CWE-89 (SQL Injection). While no CVSS score or EPSS metric is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD tracking ID EUVD-2026-15695, indicating active awareness in vulnerability tracking systems.

SQLi Addon Jobsearch Chat
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the eyecix Addon Jobsearch Chat plugin for WordPress, affecting versions up to and including 3.0. An attacker can inject malicious scripts into user-controlled input that is reflected back in the web page without proper sanitization, allowing them to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites. No CVSS score, EPSS probability, or active KEV designation is available; however, the vulnerability is confirmed via Patchstack and carries a European vulnerability database entry (EUVD-2026-15694).

XSS Addon Jobsearch Chat
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy