Primary

Context

Nokri Job Board WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

A privilege escalation vulnerability allowing account takeover has been identified in the Nokri - Job Board WordPress Theme, affecting all versions through 1.6.3. The vulnerability arises because the theme does not properly validate a user's identity before allowing changes to account details, such as email addresses. This flaw enables authenticated attackers with Subscriber-level access or higher to alter the email addresses of any users, including administrators. Once the email address is changed, the attacker can reset the user's password and gain access to their account.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, including those of administrators, allowing attackers to manipulate account details and potentially disrupt site management.

Remediation

Users are advised to update to version 1.6.4 or a newer patched version.

Added: Jul 12, 2025, 6:18 AM

Updated: Jul 12, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokri Job Board WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating