Authentication Bypass Vulnerability in Noo JobMonster Theme by WordPress
CVE-2025-5397

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Noo Jobmonster
Vendor: CVE Published:; 31 October 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-5397?

The Noo JobMonster theme for WordPress is susceptible to an Authentication Bypass vulnerability affecting all versions up to and including 4.8.1. This flaw arises from the inadequate verification performed by the check_login() function, allowing attackers to circumvent standard authentication processes and potentially gain access to administrative user accounts. For this vulnerability to be exploited, social login must be enabled on the affected WordPress site, exposing it to a higher risk. Website administrators are urged to apply updates promptly to mitigate unauthorized access.

Affected Version(s)

Noo JobMonster * <= 4.8.1

News Articles

BleepingComputer

CVE-2025-5397

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme

Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions.

3 weeks ago

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobmonster-job-board-wordpre...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Nov 4, 2025
📰
First article discovered by BleepingComputer
Nov 4, 2025
Vulnerability published
Oct 31, 2025
Vulnerability Reserved
May 30, 2025

Credit

Thái An

JSON