Skip to main content

Jobsearch

4 CVEs product

Monthly

CVE-2026-57383 HIGH This Week

Stored cross-site scripting in the eyecix JobSearch (wp-jobsearch) WordPress plugin, versions up to and including 3.2.9, lets attackers inject persistent JavaScript that executes in the browsers of users who later view the affected page. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C) indicates a network-reachable, low-complexity flaw requiring no attacker authentication but relying on a victim viewing the poisoned content, with a scope change reflecting script execution crossing into the victim's browser context. No public exploit identified at time of analysis, and no EPSS score was supplied in the intelligence set.

XSS Jobsearch
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-54186 CRITICAL Act Now

Unauthenticated SQL injection in the eyecix JobSearch WordPress plugin (versions 3.2.9 and earlier) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. With a CVSS 3.1 score of 9.3 and a Scope:Changed vector indicating impact beyond the vulnerable component, the flaw enables high-confidentiality data theft from the WordPress database including user records and credentials. No public exploit identified at time of analysis, but Patchstack-tracked WordPress plugin SQLi issues are commonly weaponized shortly after disclosure.

SQLi Jobsearch
NVD VulDB
CVSS 3.1
9.3
EPSS
0.3%
CVE-2026-49057 HIGH This Week

Unauthenticated information disclosure in the eyecix JobSearch (wp-jobsearch) WordPress plugin versions up to and including 3.2.7 allows remote attackers to bypass access controls and read sensitive data without authentication. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no preconditions, though no public exploit identified at time of analysis and no CISA KEV listing is present. Patchstack categorized the issue as a Broken Access Control / Authentication Bypass affecting confidentiality only.

Authentication Bypass Jobsearch
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-32493 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the eyecix JobSearch WordPress plugin through version 3.2.0, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects all installations of the JobSearch plugin up to and including version 3.2.0, enabling attackers to steal session cookies, perform unauthorized actions on behalf of users, or redirect users to malicious sites. No active exploitation in the wild has been publicly confirmed, though the vulnerability is documented in Patchstack's vulnerability database.

XSS Jobsearch
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the eyecix JobSearch (wp-jobsearch) WordPress plugin, versions up to and including 3.2.9, lets attackers inject persistent JavaScript that executes in the browsers of users who later view the affected page. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C) indicates a network-reachable, low-complexity flaw requiring no attacker authentication but relying on a victim viewing the poisoned content, with a scope change reflecting script execution crossing into the victim's browser context. No public exploit identified at time of analysis, and no EPSS score was supplied in the intelligence set.

XSS Jobsearch
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the eyecix JobSearch WordPress plugin (versions 3.2.9 and earlier) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. With a CVSS 3.1 score of 9.3 and a Scope:Changed vector indicating impact beyond the vulnerable component, the flaw enables high-confidentiality data theft from the WordPress database including user records and credentials. No public exploit identified at time of analysis, but Patchstack-tracked WordPress plugin SQLi issues are commonly weaponized shortly after disclosure.

SQLi Jobsearch
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated information disclosure in the eyecix JobSearch (wp-jobsearch) WordPress plugin versions up to and including 3.2.7 allows remote attackers to bypass access controls and read sensitive data without authentication. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no preconditions, though no public exploit identified at time of analysis and no CISA KEV listing is present. Patchstack categorized the issue as a Broken Access Control / Authentication Bypass affecting confidentiality only.

Authentication Bypass Jobsearch
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the eyecix JobSearch WordPress plugin through version 3.2.0, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects all installations of the JobSearch plugin up to and including version 3.2.0, enabling attackers to steal session cookies, perform unauthorized actions on behalf of users, or redirect users to malicious sites. No active exploitation in the wild has been publicly confirmed, though the vulnerability is documented in Patchstack's vulnerability database.

XSS Jobsearch
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy