WordPress VK Google Job Posting Manager plugin <= 1.2.21 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68070

Currently unrated

Key Information:

Vendor

WordPress
Status
Vk Google Job Posting Manager
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68070?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.21.

Affected Version(s)

VK Google Job Posting Manager <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/vk-g...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68070 : Stored XSS Vulnerability in VK Google Job Posting Manager by Vektor, Inc.