CVE-2025-59571 is a reflected Cross-site Scripting (XSS) vulnerability identified in the WorkScout-Core product developed by purethemes. The vulnerability stems from improper neutralization of input during web page generation, meaning that user-supplied data is not adequately sanitized or encoded before being included in web pages. This flaw allows attackers to craft malicious URLs or input that, when visited or submitted by a victim, cause the victim's browser to execute attacker-controlled JavaScript code. The affected versions include all versions prior to 1.7.06, with no specific lower bound version identified. Reflected XSS typically requires the victim to click on a malicious link or visit a specially crafted page. Although no public exploits have been reported yet, the vulnerability poses a significant risk because it can be leveraged to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites. The vulnerability was reserved on September 17, 2025, and published on October 22, 2025. No CVSS score has been assigned yet, and no official patches or exploit code are currently available. The vulnerability affects the confidentiality and integrity of user sessions and data handled by WorkScout-Core, a recruitment and HR management WordPress theme/plugin widely used in various organizations. The lack of authentication requirement for exploitation and the ease of triggering reflected XSS attacks increase the risk profile of this vulnerability.

For European organizations using WorkScout-Core, this vulnerability could lead to significant security incidents. Attackers exploiting the reflected XSS flaw can hijack user sessions, steal sensitive personal or corporate data, and perform unauthorized actions within the application context. This is particularly critical for HR and recruitment platforms where personal identifiable information (PII) and confidential hiring data are processed. The exploitation could also facilitate phishing attacks by redirecting users to malicious sites or displaying fraudulent content. Such incidents may result in reputational damage, regulatory penalties under GDPR due to data breaches, and operational disruptions. Public-facing WorkScout-Core installations are especially vulnerable, and organizations with limited web security controls or lacking timely patch management are at higher risk. The impact on availability is generally low, but the compromise of confidentiality and integrity can have cascading effects on organizational trust and compliance. Given the widespread use of WordPress-based recruitment themes in Europe, the threat landscape is non-trivial.

Organizations should immediately upgrade WorkScout-Core to version 1.7.06 or later once available, as this version addresses the vulnerability. In the absence of an official patch, temporary mitigations include implementing strict input validation and output encoding on all user-supplied data to prevent script injection. Employing a robust Content Security Policy (CSP) can help restrict the execution of unauthorized scripts. Web Application Firewalls (WAFs) should be configured to detect and block reflected XSS attack patterns targeting WorkScout-Core endpoints. Regular security audits and penetration testing focused on input handling can identify residual weaknesses. User awareness training to recognize suspicious links can reduce the risk of successful exploitation. Additionally, monitoring logs for unusual request patterns and anomalous user activities can aid in early detection of exploitation attempts. Organizations should also ensure that session management is secure, with HttpOnly and Secure flags set on cookies to mitigate session theft.