Threat actors are exploiting a critical vulnerability in the JobMonster WordPress theme, allowing them to hijack administrator accounts when social login is enabled. This security flaw has been fixed in version 4.8.2, and immediate action is recommended. #CVE-2025-5397 #JobMonster #WordPressVulnerability
Key points
- The vulnerability CVE-2025-5397 affects all versions of the JobMonster theme up to 4.8.1.
- Malicious actors can bypass authentication and access admin accounts if social login is enabled.
- The flaw is related to improper verification in the check_login() function, leading to security bypass.
- Users are advised to update to version 4.8.2 immediately or disable social login as a temporary measure.
- WordPress themes are increasingly targeted, highlighting the need for regular updates and vigilance.
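Since the only mitigation the advisory gives is "be on 4.8.2 or later", the practical check for a defender is to read the theme's version out of its `style.css` header and compare it with the fixed version. The script below is an added example, not code from the advisory or from the JobMonster theme: it parses the standard WordPress theme header (`Theme Name:` / `Version:` lines in `style.css`), does a numeric version comparison (so that e.g. 4.8.10 is correctly treated as newer than 4.8.2), and reports whether the installed copy is still in the affected range. The sample headers are constructed for the demonstration, and the exact `Theme Name` string the real theme uses is an assumption; on a live site you would point `assess_theme()` at `wp-content/themes/<theme-dir>/style.css`.

```python
import re
from pathlib import Path
from typing import Optional

# Stated in the advisory: every version up to 4.8.1 is affected; 4.8.2 carries the fix.
FIXED_VERSION = "4.8.2"
# Assumed value of the Theme Name header; adjust to match the installed theme.
AFFECTED_THEME_NAME = "JobMonster"


def parse_theme_header(style_css: str) -> dict:
    """Extract 'Theme Name' and 'Version' from a WordPress theme's style.css header block."""
    header = {}
    for key in ("Theme Name", "Version"):
        m = re.search(rf"^\s*\*?\s*{key}:\s*(.+?)\s*$", style_css, re.MULTILINE)
        if m:
            header[key] = m.group(1)
    return header


def version_tuple(version: str) -> tuple:
    """Turn '4.8.10' into (4, 8, 10) so comparisons are numeric, not lexicographic."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable_version(version: str) -> bool:
    """True when the version is below the fixed release (i.e. <= 4.8.1)."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def assess_theme(style_css: str) -> dict:
    """Return a small report: theme name, version, and whether the CVE-2025-5397 fix is present."""
    header = parse_theme_header(style_css)
    name: Optional[str] = header.get("Theme Name")
    version: Optional[str] = header.get("Version")
    if name is None or version is None:
        return {"theme": name, "version": version, "vulnerable": None,
                "advice": "could not parse style.css header; inspect the theme manually"}
    if name.lower() != AFFECTED_THEME_NAME.lower():
        return {"theme": name, "version": version, "vulnerable": False,
                "advice": "not the affected theme"}
    vulnerable = is_vulnerable_version(version)
    advice = ("update to 4.8.2 or later; disable social login until then"
              if vulnerable else "fixed version installed")
    return {"theme": name, "version": version, "vulnerable": vulnerable, "advice": advice}


def assess_theme_dir(theme_dir: str) -> dict:
    """Convenience wrapper for a real install: reads <theme_dir>/style.css."""
    return assess_theme(Path(theme_dir, "style.css").read_text(encoding="utf-8", errors="replace"))


# Constructed sample headers (not copied from the real theme).
SAMPLE_VULNERABLE = """/*
Theme Name: JobMonster
Author: example-vendor
Version: 4.8.1
*/
"""

SAMPLE_FIXED = """/*
Theme Name: JobMonster
Version: 4.8.2
*/
"""

SAMPLE_OTHER = """/*
Theme Name: SomeOtherTheme
Version: 1.0.0
*/
"""

if __name__ == "__main__":
    for label, css in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED), ("other", SAMPLE_OTHER)):
        print(label, assess_theme(css))
```

The comparison is deliberately tuple-based rather than a string compare: a naive `"4.8.10" < "4.8.2"` evaluates to True in Python and would mark a patched site as vulnerable.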