Jobify
Monthly
Cross-site scripting in the Jobify WordPress job-board theme (Astoundify) through version 4.3.2 lets unauthenticated remote attackers inject script that executes in a victim's browser when the victim is lured into triggering a crafted request or link. The scope-changed CVSS 3.1 score of 7.1 reflects that injected script runs outside the vulnerable component's own boundary, enabling session theft or actions in the WordPress context. No public exploit identified at time of analysis, and the flaw is not in CISA KEV.
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting in the Jobify WordPress job-board theme (Astoundify) through version 4.3.2 lets unauthenticated remote attackers inject script that executes in a victim's browser when the victim is lured into triggering a crafted request or link. The scope-changed CVSS 3.1 score of 7.1 reflects that injected script runs outside the vulnerable component's own boundary, enabling session theft or actions in the WordPress context. No public exploit identified at time of analysis, and the flaw is not in CISA KEV.
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.