CVE-2025-7733 in WP JobHunt Plugin信息

摘要

由 MITRE • 2025-12-20

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Want to know what is going to be exploited?

We predict KEV entries!