Authentication Bypass Vulnerability in Noo JobMonster Theme by WordPress
CVE-2025-5397

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Noo Jobmonster
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-5397?

The Noo JobMonster theme for WordPress is susceptible to an Authentication Bypass vulnerability affecting all versions up to and including 4.8.1. This flaw arises from the inadequate verification performed by the check_login() function, allowing attackers to circumvent standard authentication processes and potentially gain access to administrative user accounts. For this vulnerability to be exploited, social login must be enabled on the affected WordPress site, exposing it to a higher risk. Website administrators are urged to apply updates promptly to mitigate unauthorized access.

Affected Version(s)

Noo JobMonster * <= 4.8.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobmonster-job-board-wordpre...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
May 30, 2025

Credit

Thái An

JSON