CVE-2025-1313
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokri | job_board_wordpress_theme | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Nokri - Job Board WordPress Theme up to version 1.6.3, where the plugin does not properly verify a user's identity before allowing updates to user details such as email addresses. As a result, an authenticated attacker with Subscriber-level access or higher can change the email address of any user, including administrators, and then use that to reset the user's password and take over their account.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation and account takeover, allowing attackers to gain unauthorized access to administrator accounts. This can result in full control over the affected WordPress site, potentially leading to data theft, site defacement, or further malicious activities.