PT-2025-10066 · WordPress · Inwave Jobs
Tonn · Published 2025-03-07 · Updated 2025-03-08 · CVE-2025-1315
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
InWave Jobs plugin for WordPress versions up to and including 3.5.1
Description
The plugin does not properly validate a user's identity before updating their password, which allows privilege escalation via password reset. Unauthenticated attackers can change arbitrary users' passwords, including those of administrators, and gain access to their accounts.
Recommendations
If you run the InWave Jobs plugin for WordPress at version 3.5.1 or earlier, update to a version higher than 3.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until a patch is available.
Fix
LPE
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Inwave Jobs