Risk actors are focusing on a important vulnerability within the JobMonster WordPress theme that permits hijacking of administrator accounts below sure situations.
The malicious exercise was detected by Wordfence, a WordPress security agency, after blocking a number of exploit makes an attempt towards its purchasers over the previous 24 hours.
JobMonster, created by NooThemes, is a premium WordPress theme utilized by job itemizing websites, recruitment/hiring portals, candidate search instruments, and many others. The theme has over 5,500 gross sales on Envato.
The exploited vulnerability is recognized as CVE-2025-5397 and has a critical-severity rating of 9.8. It’s an authentication bypass drawback that imapcts all variations of the theme as much as 4.8.1.
“[The flaw] is because of the check_login() operate not correctly verifying a person’s identification previous to efficiently authenticating them,” reads the flaw’s description.
“This makes it attainable for unauthenticated attackers to bypass commonplace authentication and entry administrative person accounts.”
To use CVE-2025-5397, social login must be enabled on websites utilizing the theme; in any other case, there’s no impression.
Social login is a characteristic that permits customers to register to an internet site utilizing their present social media accounts, comparable to “Sign up with Google,” “Login with Fb,” and “Proceed with LinkedIn.”
JobMonster trusts the exterior login knowledge with out verifying it correctly, permitting attackers to pretend admin entry with out holding legitimate credentials.
Usually, an attacker would additionally have to know the goal administrator’s account username or electronic mail.
CVE-2025-5397 has been mounted in JobMonster model 4.8.2, at present the newest, so customers are suggested to maneuver to the patched launch instantly.
If pressing motion is unimaginable, take into account the mitigation of disabling the social login operate on affected web sites.
Additionally it is advisable to allow two-factor authentication for all administrator accounts, rotate credentials, and test entry logs for suspicious exercise.
WordPress themes have been on the epicenter of malicious exercise in latest months.
Final week, Wordfence reported about malicious exercise focusing on the Freeio premium theme leveraging CVE-2025-11533, a important privilege escalation flaw.
In early October, risk actors focused CVE-2025-5947, a important authentication bypass drawback within the Service Finder WordPress theme, permitting them to log in as directors.
In July 2025, it was reported that hackers focused the WordPress theme ‘Alone’ to attain distant code execution and carry out a full web site takeover, with Wordfence blocking over 120,000 makes an attempt on the time.
WordPress plugins and themes have to be up to date commonly to make sure the most recent security fixes are energetic on the websites. Patch delaying provides risk actors alternatives for profitable assaults, typically a full yr later.
It is funds season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, determine rising traits, and evaluate their priorities as they head into 2026.
Find out how prime leaders are turning funding into measurable impression.
