Stored XSS Vulnerability in VK Google Job Posting Manager by Vektor, Inc.
CVE-2025-68070

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Vk Google Job Posting Manager
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68070?

The VK Google Job Posting Manager by Vektor, Inc. is vulnerable to a Stored XSS issue, allowing attackers to inject malicious scripts into web pages. This vulnerability affects all versions up to and including 1.2.21. If exploited, it can enable attackers to execute arbitrary scripts in the context of users' web browsers, posing a significant security risk to users and their data. It is essential for users of this plugin to apply updates and patches to mitigate the potential impact of this vulnerability.

Affected Version(s)

VK Google Job Posting Manager <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/vk-g...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 15, 2025

Credit

Nabil Irawan | Patchstack Bug Bounty Program

JSON