Authorization Bypass Vulnerability in WP JobHunt Plugin by WordPress
CVE-2025-7374

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: WP Jobhunt
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-7374?

The WP JobHunt plugin for WordPress, leveraged by the JobCareer theme, is susceptible to an authorization bypass. This vulnerability stems from inadequate login controls applied to inactive and pending user accounts. As a result, authenticated attackers possessing Candidate- or Employer-level access can gain login privileges to the site, even if their accounts are marked as inactive or awaiting activation, potentially compromising sensitive site functionality and data.

Affected Version(s)

WP JobHunt * <= 7.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobcareer-job-board-responsi...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jul 8, 2025

Credit

meghnine islem

JSON