What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
CVE-2026-57336
HIGH
CVE-2026-57336: WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
CVSS base score
7.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
02Summary
Jobify versions up to 4.3.2 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the site. An attacker can craft a malicious link or page that, when visited by a site user, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement.
What an attacker can do
03Attacker Capabilities
Inject and execute malicious JavaScript in users' browsers to steal sessions, credentials, or deface content.
Potential impact on your site
04Site Impact
Site users visiting malicious links could have their sessions hijacked or credentials stolen; site reputation and user trust at risk.
Conditions required to exploit
05Prerequisites
Attacker must trick a site user into clicking a malicious link or visiting a compromised page (user interaction required).
Key dates
06Disclosure timeline
June 29, 2026
CVE published
External resources
07References
Related vulnerabilities
08Related CVE
CVE-2025-14032 Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode
CVE-2025-53195 WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS
CVE-2025-12289 Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting
CVE-2026-25642 HedgeDoc security headers for uploaded files were not working
