CVE-2025-58827
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pickplugins | job_board_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58827 is a content injection vulnerability in the WordPress Job Board Manager Plugin versions up to 2.1.61. It allows a malicious user with Job Poster privileges to inject arbitrary content into pages and posts on the affected website. This could be used to insert phishing pages or other malicious content, compromising the site's integrity and user trust. The vulnerability is classified as a low severity injection flaw with a CVSS score of 3.8 and currently has no official patch. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a user with Job Poster privileges to inject malicious content into your website's pages or posts. This could lead to phishing attacks or other malicious activities that compromise your site's integrity and damage user trust. Although the severity is low and exploitation is limited to users with certain privileges, it still poses a risk to website security and reputation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unauthorized content injection by users with Job Poster privileges. Since the vulnerability allows arbitrary content injection into pages and posts, reviewing recent changes or additions by such users can help identify exploitation. Patchstack recommends professional incident response and server-side malware scanning for suspected compromise. No specific commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation includes applying Patchstack's virtual patching (vPatching) technology, which provides automatic protection without an official fix. Additionally, restrict Job Poster privileges to trusted users only, monitor content changes closely, and seek professional incident response and server-side malware scanning if compromise is suspected. [1]