CVE-2025-5397

CRITICAL 9.8

Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.

CWE	CWE-288
Vendor	unknown
Product	noo jobmonster
Published	Oct 31, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for unknown noo jobmonster

Be the first to know when new critical vulnerabilities affecting unknown noo jobmonster are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Unknown / Noo JobMonster

0 ≤ 4.8.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve themeforest.net: https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446

Credits

Thái An