Jobmonster – Job Board WordPress Theme

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.

AI Analysis

Authentication Bypass vulnerability in Noo JobMonster theme for WordPress, allowing unauthenticated attackers to access administrative user accounts.

Basic Information

ID CVE-2025-5397

Source Wordfence

Published Oct 31, 2025 at 06:42

Affected Product

Vendor Unknown

Product Noo JobMonster

Version *

Affected Versions Unknown Noo JobMonster *

CWE Classification

CWE-288

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Noo

Product JobMonster

Version 4.8.1

References

{
    "lastseen": "",
    "description": "The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them  This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.",
    "published": "2025-10-31T06:42:54.832Z",
    "modified": "2025-10-31T06:42:54.832Z",
    "type": "cve",
    "title": "Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve\nhttps://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446",
    "id": "CVE-2025-5397",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Unknown Noo JobMonster *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Noo JobMonster",
    "version": "*",
    "vendor": "Unknown",
    "ai_description": "Authentication Bypass vulnerability in Noo JobMonster theme for WordPress, allowing unauthenticated attackers to access administrative user accounts.",
    "ai_severity": "Critical",
    "ai_vendor": "Noo",
    "ai_product": "JobMonster",
    "ai_version": "4.8.1",
    "ai_score": 9.8
}

Jobmonster – Job Board WordPress Theme <= 4.8.1 - Authentication Bypass_CVE-2025-5397