Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Noo JobMonster WordPress Theme Authentication Bypass Vulnerability

Vulnerability

Exploited

Patched

A vulnerability allowing authentication bypass has been identified in the Noo JobMonster theme for WordPress, affecting all versions through 4.8.1. The issue arises because the check_login() function fails to properly verify user identities before authentication, enabling unauthenticated attackers to bypass standard login procedures and gain access to administrative accounts. This vulnerability is only applicable if social login is enabled.

Impact

Exploitation of this vulnerability allows unauthenticated users to bypass authentication and access administrative accounts on the WordPress site.

Remediation

Users are advised to update the Noo JobMonster theme to version 4.8.2 or later, where this vulnerability has been patched.

Added: Oct 31, 2025, 7:21 AM

Updated: Oct 31, 2025, 7:21 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

10.0

remediation

7.7

relevance

0.8

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

10.0

remediation

7.7

relevance

0.8

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Noo JobMonster WordPress Theme Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Noo JobMonster

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating