Skip to main content

Jobmonster

4 CVEs product

Monthly

CVE-2026-57368 HIGH This Week

Reflected cross-site scripting in the NooTheme Jobmonster WordPress job-board theme (versions up to and including 4.8.5) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Because the flaw carries a scope change (S:C), successful exploitation can affect resources beyond the vulnerable component, such as the authenticated WordPress session of an administrator who is lured into clicking. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Jobmonster
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-25340 CRITICAL PATCH Act Now

A blind SQL injection vulnerability exists in the NooTheme Jobmonster WordPress theme that allows unauthenticated attackers to execute arbitrary SQL queries against the underlying database. The vulnerability affects Jobmonster versions prior to 4.8.4, and while no active exploitation in the wild has been confirmed via KEV status, the vulnerability was disclosed by Patchstack with sufficient technical detail to enable exploitation. This is a critical web application flaw that could lead to complete database compromise, including extraction of sensitive user data, credentials, and job postings.

SQLi Jobmonster
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2022-1170 MEDIUM POC This Month

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobmonster
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-1166 MEDIUM POC This Month

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jobmonster
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the NooTheme Jobmonster WordPress job-board theme (versions up to and including 4.8.5) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Because the flaw carries a scope change (S:C), successful exploitation can affect resources beyond the vulnerable component, such as the authenticated WordPress session of an administrator who is lured into clicking. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Jobmonster
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

A blind SQL injection vulnerability exists in the NooTheme Jobmonster WordPress theme that allows unauthenticated attackers to execute arbitrary SQL queries against the underlying database. The vulnerability affects Jobmonster versions prior to 4.8.4, and while no active exploitation in the wild has been confirmed via KEV status, the vulnerability was disclosed by Patchstack with sufficient technical detail to enable exploitation. This is a critical web application flaw that could lead to complete database compromise, including extraction of sensitive user data, credentials, and job postings.

SQLi Jobmonster
NVD VulDB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobmonster
NVD WPScan
EPSS 2% CVSS 5.3
MEDIUM POC This Month

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jobmonster
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy