CVE-2024-47394 HIGH

CVE-2024-47394: WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Vendor Eyecix
Product JobSearch
Weakness CWE-79 · XSS
Published October 5, 2024
Last update May 12, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9.

Key dates

02Disclosure timeline

October 5, 2024 CVE published
May 12, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-25413 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter CVE-2026-39683 WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-11202 Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters CVE-2025-9058 Mikado Core <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode