Vulnerability Description
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Note that social login must be enabled for a site to be impacted by this vulnerability.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2
FAQ
What is CVE-2025-5397?
CVE-2025-5397 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's ide...
How severe is CVE-2025-5397?
CVE-2025-5397 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-5397?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.