CVE-2025-7781 is a stored cross-site scripting vulnerability identified in the WP JobHunt plugin for WordPress, which is commonly used alongside the JobCareer theme. The vulnerability exists due to improper neutralization of input during web page generation, specifically in the 'cs_job_title' parameter. This parameter is insufficiently sanitized and escaped before being rendered, allowing an authenticated attacker with at least Candidate-level access to inject arbitrary JavaScript code into pages. Because the injected scripts are stored persistently, they execute whenever any user accesses the affected page, potentially compromising user sessions, stealing credentials, or performing unauthorized actions on behalf of users. The vulnerability affects all plugin versions up to and including 7.6. The CVSS 3.1 score of 6.4 reflects a medium severity with a network attack vector, low attack complexity, privileges required, no user interaction, and a scope change indicating that the vulnerability can affect resources beyond the initially compromised component. No public exploits have been reported yet, but the presence of this vulnerability in a widely used WordPress plugin makes it a significant concern for website administrators. The lack of official patches at the time of disclosure necessitates immediate mitigation efforts to reduce risk.

The impact of CVE-2025-7781 is primarily on the confidentiality and integrity of affected websites and their users. Successful exploitation allows attackers to execute arbitrary scripts in the context of the vulnerable site, which can lead to session hijacking, theft of sensitive user data, defacement of web pages, or redirection to malicious sites. Since the vulnerability requires authenticated access at the Candidate level or higher, attackers must have some level of legitimate access, which may limit exploitation but still poses a serious threat in environments where user accounts are numerous or poorly managed. The scope change in the CVSS vector indicates that the attack can affect components beyond the plugin itself, potentially impacting the entire WordPress site and its users. Organizations relying on WP JobHunt for job listings or recruitment may face reputational damage, loss of user trust, and potential regulatory consequences if user data is compromised. The absence of known exploits in the wild reduces immediate risk but does not eliminate the possibility of future attacks, especially as threat actors often target popular CMS plugins.

To mitigate CVE-2025-7781, organizations should first monitor for and apply any official patches or updates released by the WP JobHunt plugin developers as soon as they become available. In the absence of patches, administrators should implement strict input validation and output encoding for the 'cs_job_title' parameter, either by customizing the plugin code or using security plugins that enforce content sanitization. Restricting user privileges to the minimum necessary can reduce the risk by limiting who can inject malicious scripts. Employing a Web Application Firewall (WAF) with rules designed to detect and block XSS payloads targeting this parameter can provide an additional layer of defense. Regularly auditing user accounts for suspicious activity and enforcing strong authentication policies will help prevent unauthorized access. Website owners should also educate users about the risks of XSS and monitor logs for unusual behavior indicative of exploitation attempts. Finally, consider isolating or sandboxing user-generated content areas to limit the impact of potential script execution.