PT-2025-29296 · WordPress · The Nokri – Job Board WordPress Theme
Tonn · Published 2025-07-12 · Updated 2025-07-17 · CVE-2025-1313
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Nokri - Job Board WordPress Theme versions prior to 1.6.4
Description:
The Nokri - Job Board WordPress Theme is susceptible to privilege escalation, potentially leading to account takeover. The issue stems from insufficient validation of a user’s identity before allowing updates to user details, such as the email address. Authenticated attackers with Subscriber-level access or higher can modify the email addresses of arbitrary users, including administrators, and subsequently reset their passwords to gain unauthorized access to accounts.
Recommendations:
Update Nokri - Job Board WordPress Theme to version 1.6.4 or later.
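For developers auditing their own profile-update handlers for the same class of flaw, the following added example (not the Nokri theme's code and not the vendor's patch) shows a WordPress AJAX handler that binds the update to the authenticated session before changing an email address. The action name `example_update_profile`, the nonce action and the POST field names are hypothetical.

```php
<?php
// Added example, not the theme's code. The action name 'example_update_profile',
// the nonce action and the POST field names are hypothetical.
add_action( 'wp_ajax_example_update_profile', 'example_update_profile' );

function example_update_profile() {
    // Reject requests that lack a valid nonce for this action (CSRF guard).
    check_ajax_referer( 'example_update_profile', 'nonce' );

    // Take the acting identity from the session, never from the request.
    $actor_id  = get_current_user_id();
    $target_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $actor_id;

    // The identity check: 'edit_user' passes for the user's own record and
    // otherwise requires the 'edit_users' capability, so a Subscriber cannot
    // touch another account while administrators still can.
    if ( ! $actor_id || ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email' ), 400 );
    }

    // Refuse an address already bound to a different account.
    $owner = email_exists( $email );
    if ( $owner && (int) $owner !== $target_id ) {
        wp_send_json_error( array( 'message' => 'Email in use' ), 409 );
    }

    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }

    wp_send_json_success( array( 'user_id' => $target_id ) );
}
```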
Fix
LPE
Authentication Bypass Using an Alternate Path or Channel
Affected Products
The Nokri – Job Board WordPress Theme