Unauthorized Data Modification in WP JobHunt Plugin for WordPress
CVE-2025-7782

7.6HIGH

Key Information:

Vendor: WordPress
Status: WP Jobhunt
Vendor: CVE Published:; 20 December 2025

What is CVE-2025-7782?

The WP JobHunt plugin for WordPress has a security flaw that allows authenticated users with Candidate-level access or higher to manipulate job application statuses. This vulnerability arises from a missing capability check in the 'cs_update_application_status_callback' function. As a result, unauthorized modifications can occur, enabling attackers to inject malicious scripts into the 'status' field of job applications. This exploitation poses serious risks to data integrity and user security, affecting users applied to jobs through the JobCareer theme.

Affected Version(s)

WP JobHunt * <= 7.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobcareer-job-board-responsi...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

meghnine islem

JSON