CVE-2025-69085
Reflected XSS in e-plugins JobBank Allows Script Injection
Publication date: 2026-01-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | jobbank | to 1.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69085 is a medium severity Reflected Cross Site Scripting (XSS) vulnerability in the WordPress JobBank Plugin up to version 1.2.2. It allows an unauthenticated attacker to inject malicious scripts, such as redirects or advertisements, into web pages. These scripts execute when visitors access the compromised pages, potentially leading to unauthorized actions or data exposure. Exploitation requires user interaction, like clicking a malicious link or visiting a crafted page. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, or session hijacking. It can compromise the integrity and trustworthiness of your site, potentially harming your users and your organization's reputation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to inject malicious scripts via reflected inputs, such as suspicious URL parameters or form submissions that include script tags or encoded payloads. Since no specific detection commands are provided, general web application security tools or WAF logs can be used to identify unusual input patterns or reflected script execution attempts. Patchstack provides a mitigation rule that can help block attacks, which may include detection capabilities. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack mitigation rule provided to block attacks exploiting this vulnerability until an official patch is released. Additionally, restricting user input, implementing Web Application Firewall (WAF) rules to detect and block reflected XSS attempts, and educating users to avoid clicking suspicious links can help reduce risk. [1]