CVE-2025-7781 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WP JobHunt plugin for WordPress, which is commonly used alongside the JobCareer theme. The vulnerability exists due to improper neutralization of input during web page generation, specifically through the 'cs_job_title' parameter. This parameter is insufficiently sanitized and escaped, allowing an authenticated attacker with at least Candidate-level access to inject arbitrary JavaScript code into pages. When other users visit these pages, the malicious scripts execute in their browsers, potentially compromising session tokens, stealing sensitive data, or performing actions on behalf of the victim user. The vulnerability affects all versions up to and including 7.6 of WP JobHunt. The CVSS v3.1 score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. The scope is changed, indicating that the vulnerability can affect resources beyond the attacker’s privileges. No public exploits have been reported yet, but the presence of stored XSS in a popular WordPress plugin poses a significant risk given WordPress’s widespread use. The vulnerability was reserved in July 2025 and published in October 2025. The lack of available patches at the time of reporting necessitates immediate mitigation efforts by administrators.

For European organizations, especially those operating recruitment or job listing websites using WordPress with the WP JobHunt plugin, this vulnerability can lead to significant security risks. Exploitation could result in session hijacking, unauthorized access to user accounts, theft of sensitive candidate or employer data, and potential defacement or manipulation of job listings. This can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR violations due to data exposure), and cause operational disruptions. Since the vulnerability requires authenticated access at Candidate-level or above, insider threats or compromised user accounts could be leveraged to exploit this flaw. The medium severity score suggests moderate risk, but the stored nature of the XSS means persistent compromise and wider impact across users visiting the affected pages. European organizations with high traffic recruitment portals are particularly vulnerable to reputational and data confidentiality impacts.

1. Monitor for and apply security patches or updates from the WP JobHunt plugin developers as soon as they become available. 2. Until patches are released, restrict user privileges by limiting Candidate-level access to trusted users only and review existing user accounts for suspicious activity. 3. Implement Web Application Firewall (WAF) rules to detect and block malicious payloads targeting the 'cs_job_title' parameter. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 5. Conduct regular security audits and code reviews of customizations involving WP JobHunt to ensure proper input validation and output encoding. 6. Educate site administrators and users about phishing and social engineering risks that could lead to account compromise. 7. Consider temporarily disabling or replacing the WP JobHunt plugin if immediate patching is not feasible and the risk is deemed high. 8. Use security plugins that scan for XSS payloads and anomalous content in user-submitted data.