CVE-2025-6585

Name of the Vulnerable Software and Affected Versions WP JobHunt versions prior to 7.3

Description The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in all versions up to and including 7.2, specifically within the cs remove profile callback() function. This is due to a lack of validation on a user-controlled key. Authenticated attackers with Subscriber-level access or higher can exploit this to delete accounts belonging to other users, including administrators.

Recommendations Update WP JobHunt to version 7.3 or later.