WP JobHunt WordPress Plugin Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

A privilege escalation vulnerability allowing account takeover has been identified in the WP JobHunt plugin for WordPress, affecting all versions through 6.9. The issue arises because the plugin fails to properly validate a user's identity before allowing password changes through the account_settings_save_callback() function. This flaw enables unauthenticated attackers to change the passwords of any user, including administrators, and gain access to their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeover, including access to administrator accounts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP JobHunt WordPress Plugin Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

Impact

Affected Products

WP JobHunt

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating