Skip to main content

Wpjobster

2 CVEs product

Monthly

CVE-2026-22340 CRITICAL Act Now

Unauthenticated SQL injection in the WPJobster WordPress theme versions 6.3.5 and earlier allows remote attackers to inject SQL queries without any authentication or user interaction. Reported by Patchstack and tracked under CWE-89, the issue carries a CVSS 3.1 score of 9.3 with a scope-changed impact, meaning a successful injection can affect resources beyond the vulnerable component. No public exploit identified at time of analysis, but the network-reachable, low-complexity nature of WordPress theme endpoints makes this a high-priority issue for any site running the affected theme.

SQLi Wpjobster
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2026-22339 HIGH This Week

Reflected cross-site scripting in the WPJobster WordPress theme through version 6.3.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim clicks a crafted link. The flaw carries a CVSS 3.1 score of 7.1 with a scope change (S:C), reflecting impact on browser-side resources beyond the vulnerable application. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Patchstack has catalogued it as a confirmed reflected XSS.

XSS Wpjobster
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the WPJobster WordPress theme versions 6.3.5 and earlier allows remote attackers to inject SQL queries without any authentication or user interaction. Reported by Patchstack and tracked under CWE-89, the issue carries a CVSS 3.1 score of 9.3 with a scope-changed impact, meaning a successful injection can affect resources beyond the vulnerable component. No public exploit identified at time of analysis, but the network-reachable, low-complexity nature of WordPress theme endpoints makes this a high-priority issue for any site running the affected theme.

SQLi Wpjobster
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the WPJobster WordPress theme through version 6.3.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim clicks a crafted link. The flaw carries a CVSS 3.1 score of 7.1 with a scope change (S:C), reflecting impact on browser-side resources beyond the vulnerable application. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Patchstack has catalogued it as a confirmed reflected XSS.

XSS Wpjobster
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy