CVE-2025-58234
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joomsky | js_job_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58234 is a Cross Site Scripting (XSS) vulnerability in the WordPress JS Job Manager Plugin up to version 2.0.2. It allows an attacker with contributor-level privileges to inject malicious scripts, such as redirects or unwanted advertisements, into a website. These scripts execute when visitors access the affected site, potentially compromising user experience or security. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. This can degrade user trust, harm your site's reputation, and potentially lead to further security issues. However, the impact is considered low severity with a CVSS score of 6.5, and exploitation requires contributor-level access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress JS Job Manager plugin version is 2.0.2 or earlier, as these versions are vulnerable. Since the vulnerability allows stored XSS via input fields accessible to contributor-level users, monitoring for unusual or malicious script injections in user-submitted content or job postings can help detect exploitation attempts. Specific commands are not provided, but reviewing plugin version via WordPress admin or using WP-CLI commands like 'wp plugin list' to check the installed version can assist. Additionally, inspecting HTTP requests and responses for injected scripts using tools like curl or browser developer tools may help identify active exploitation. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) as offered by Patchstack, which provides protection even without an official patch. Restricting contributor-level privileges to trusted users can reduce exploitation risk. Monitoring for updates from the plugin developer and Patchstack is advised. Since no official fix is available, virtual patching and limiting user permissions are the best immediate defenses. [1]