Nokri Job Board WordPress Theme Privilege Escalation Vulnerability Allowing Unauthenticated Password Changes
Vulnerability
A vulnerability in the Nokri – Job Board WordPress Theme, affecting all versions through 1.6.2, allows privilege escalation via account takeover. The theme fails to properly validate token values before allowing users to update their account details, such as passwords. As a result, unauthenticated attackers can change the password of any user, including administrators, and thereby gain unauthorized access to their accounts.
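For contrast, the following is an added illustration (not code from the Nokri theme or its vendor) of a WordPress-style password update handler that validates the reset token before changing anything; the handler name and form field names are assumptions, while the functions called are WordPress core APIs.

```php
<?php
// Added example: a front-end password reset handler that refuses to change a
// password unless the submitted token is valid for the named account.
// Assumed form fields (not from the advisory): 'login', 'key', 'pass1', 'pass2'.

function example_handle_password_reset() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['example_reset'] ) ) {
        return;
    }

    $login = isset( $_POST['login'] ) ? sanitize_user( wp_unslash( $_POST['login'] ) ) : '';
    $key   = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    $pass1 = isset( $_POST['pass1'] ) ? (string) wp_unslash( $_POST['pass1'] ) : '';
    $pass2 = isset( $_POST['pass2'] ) ? (string) wp_unslash( $_POST['pass2'] ) : '';

    // The anti-pattern described in the advisory is to look the user up from a
    // request parameter and write the new password without checking the token.
    // check_password_reset_key() loads the user, compares the key against the
    // stored hash and enforces the key's expiry; anything else is a WP_Error.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        wp_die(
            esc_html__( 'Invalid or expired reset link.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }

    if ( '' === $pass1 || $pass1 !== $pass2 ) {
        wp_die(
            esc_html__( 'Passwords are empty or do not match.', 'example' ),
            '',
            array( 'response' => 400 )
        );
    }

    // reset_password() stores the new hash and clears the one-time reset key,
    // so the same token cannot be replayed to change the password again.
    reset_password( $user, $pass1 );

    wp_safe_redirect( add_query_arg( 'password-reset', 'true', wp_login_url() ) );
    exit;
}
add_action( 'template_redirect', 'example_handle_password_reset' );
```

For a logged-in profile edit (rather than a reset link), the equivalent gate is a nonce check with wp_verify_nonce() plus a current_user_can() check that the requester may edit the target user.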
Impact
Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeovers, including those of administrators.
Remediation
Users are advised to update the theme to version 1.6.3 or a newer patched version.
