Approved changes feed: RSS · Atom

cpe:2.3:a:bestweblayout:job_board_by_bestwebsoft:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorBestweblayout (9390df4e-767c-5a65-8d05-9004ab24e571)
ProductJob Board By Bestwebsoft (05efd349-3397-5790-8dc0-95264058e5f1)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-13383 vulnerable 2026-06-08 07:04:32.108464 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage
MEDIUM (6.1)
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized `$_GET` superglobal array directly into the database via `update_user_meta()` when users save search results, and later outputting this data without proper escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute whenever a user accesses the saved search or views their profile, granted they can trick the user into performing the search and saving the results.
Published: 2025-11-25T07:28:19.446Z
Updated: 2026-04-08T16:40:51.514Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.