PHP Remote File Inclusion Vulnerability in NooTheme Jobmonster
CVE-2025-67522

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Jobmonster
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-67522?

The NooTheme Jobmonster theme contains a vulnerability that permits improper control of filenames in the PHP include or require statements, leading to local file inclusion. This issue could allow an attacker to exploit the application by accessing sensitive files or executing malicious scripts on the server. The vulnerability affects versions from unknown to 4.8.2, emphasizing the need for timely updates and security measures to protect WordPress sites using this theme.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jobmonster <= n/a

References

https://patchstack.com/database/Wordpress/Theme/noo-jobmo...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-67522?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.