PatchSiren cyber security CVE debrief
CVE-2026-48880 Ahmad CVE debrief
CVE-2026-48880 is a Cross Site Scripting (XSS) vulnerability in the WP Job Portal plugin for WordPress, affecting versions up to and including 2.5.2. This vulnerability has a CVSS score of 6.5 and a CVSS severity of MEDIUM. The vulnerability allows subscribers to execute XSS attacks.
- Vendor
- Ahmad
- Product
- WP Job Portal
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the WP Job Portal plugin, particularly those with subscriber-level access, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The CVE-2026-48880 vulnerability is a Cross Site Scripting (XSS) issue in the WP Job Portal plugin. It has been assigned a CVSS score of 6.5 and a CVSS severity of MEDIUM. The vulnerability is exploitable by subscribers and requires user interaction.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the WP Job Portal plugin to a version that is not vulnerable.
- Limit subscriber-level access to sensitive areas of the plugin.
- Monitor for suspicious activity related to the plugin.
Evidence notes
Evidence for this CVE comes from Patchstack, as noted in the sourceItem metadata.
Official resources
-
CVE-2026-48880 CVE record
CVE.org
-
CVE-2026-48880 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48880 was published on 2026-06-15T21:17:17.257Z and modified on 2026-06-15T21:24:32.790Z.