CVE-2025-5397
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | jobmonster | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow attackers who are not authenticated to gain administrative access to a WordPress site using the Noo JobMonster theme with social login enabled. This can lead to full control over the site, including modifying content, stealing data, installing malicious code, or disrupting site operations.
Can you explain this vulnerability to me?
The Noo JobMonster theme for WordPress has an authentication bypass vulnerability in all versions up to 4.8.1. This occurs because the check_login() function does not properly verify a user's identity before authenticating them. As a result, unauthenticated attackers can bypass normal login procedures and gain access to administrative user accounts. This vulnerability only affects sites where social login is enabled.