WP JobHunt Plugin for WordPress Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in the WP JobHunt plugin for WordPress, in versions through 7.6. The plugin does not adequately restrict login for inactive and pending accounts, so authenticated attackers with Candidate or Employer-level access can log in even though their accounts are inactive or pending.

Impact

Exploitation of this vulnerability allows authenticated users to bypass account status restrictions, potentially leading to unauthorized access or actions on the site.

Remediation

Users can update to WP JobHunt version 7.7 or a newer patched version to address this vulnerability.

Added: Oct 10, 2025, 12:18 PM
Updated: Oct 10, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 5.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.