PT-2025-44582 · WordPress · Noo Jobmonster+1
Thái An · Published 2025-10-31 · Updated 2025-12-08
CVE-2025-5397
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Noo JobMonster theme for WordPress versions prior to 4.8.1
Description
The Noo JobMonster theme for WordPress is susceptible to Authentication Bypass due to a flaw in the check_login() function. This function does not properly verify a user's identity, potentially allowing unauthenticated attackers to bypass standard authentication and gain access to administrative user accounts. Social login must be enabled for a site to be impacted by this issue.
Recommendations
Versions prior to 4.8.1 should be updated to version 4.8.1 or later.
Fix
Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Noo JobMonster
WordPress