What is CVE-2025-5397?

CVE-2025-5397 is a critical security vulnerability with a CVSS score of 9.8 affecting the JobMonster WordPress theme. It is caused by improper authentication handling in the check_login() function, where the theme trusts authentication information received from social login providers without verification mechanisms, enabling attackers to hijack administrator accounts and gain complete control over affected websites.

How does the JobMonster vulnerability work?

The vulnerability allows attackers to bypass authentication by exploiting the theme's trust of social login provider information. In a typical attack scenario, an attacker needs to know the target administrator's account username or email address, which can be obtained through reconnaissance or publicly available sources. Once this information is obtained, the attacker can exploit the authentication bypass to gain administrative access to the website without the actual account password.

Which versions of JobMonster are affected by CVE-2025-5397?

The flaw affects all versions of the JobMonster theme up to and including version 4.8.1. NooThemes has patched the vulnerability in JobMonster version 4.8.2.

Are hackers actively exploiting the JobMonster vulnerability?

Yes, hackers are reported to be actively exploiting the CVE-2025-5397 vulnerability in the JobMonster WordPress theme. WordPress security firm Wordfence detected the malicious activity after blocking multiple exploit attempts against its clients over the past 24 hours.

What should administrators do about the JobMonster vulnerability?

Website administrators using any version of JobMonster are strongly advised to update to the patched version 4.8.2 as soon as possible. This is the primary recommended action to address the vulnerability and protect websites from exploitation.

What is the JobMonster WordPress theme?

JobMonster is a WordPress theme that includes social login features allowing users to sign in with third-party services such as Google, Facebook, or LinkedIn. The theme's authentication handling has been found to contain a critical vulnerability that can be exploited when social login features are enabled.

How can I protect my JobMonster website from CVE-2025-5397?

To protect your JobMonster website from CVE-2025-5397, immediately update to version 4.8.2 or later. If immediate updating is not possible, disable the social login functionality on your website or rotate administrator usernames and email addresses to values that are difficult to guess. These temporary measures can help reduce risk until the patch is applied.

Who discovered the active exploitation of the JobMonster vulnerability?

WordPress security firm Wordfence detected the malicious activity and active exploitation of the JobMonster vulnerability after blocking multiple exploit attempts against its clients over the past 24 hours.

Is my JobMonster website vulnerable if social login is disabled?

No, when the social login feature is disabled, websites using JobMonster are not impacted by CVE-2025-5397. The vulnerability specifically requires social login features such as Sign in with Google, Login with Facebook, or Continue with LinkedIn to be enabled for exploitation.

Attack

Critical authentication bypass flaw in JobMonster WordPress theme actively exploited

Q: What are the prerequisites for exploiting the JobMonster vulnerability?

For successful exploitation, the social login feature must be enabled on websites using the JobMonster theme, such as Sign in with Google, Login with Facebook, or Continue with LinkedIn. When this feature is disabled, websites are not impacted. Additionally, the attacker needs to know the target administrator's account username or email address.

Q: Has the JobMonster vulnerability been patched?

Yes, NooThemes has patched the flaw in JobMonster version 4.8.2. Website administrators using any version of JobMonster are strongly advised to update to the patched version 4.8.2 immediately.

Q: What should I do if I cannot immediately update JobMonster?

Organizations that cannot update immediately should disable the social login functionality on affected websites, or rotate the administrator username and email to something new and difficult to guess. These measures must be considered as temporary mitigations until the update to version 4.8.2 can be applied.

published: Nov. 4, 2025

Take action: This is important but urgent ONLY if you have JobMonster with Social Login active. If your site has all these functions, update ASAP. Alternatively, rotate your admin email and username to something new and difficult to guess to get a bit of breathing room and time to test out things.

Learn More

Hackers are repoorted to be actively exploiting a security vulnerability in the JobMonster WordPress theme that enables attackers to hijack administrator accounts and gain complete control over affected websites.

The vulnerability is tracked as CVE-2025-5397 (CVSS score 9.8) - Improper authentication handling in the check_login() function. The theme trusts the authentication information received from social login providers without verification mechanisms. In a typical attack scenario, an attacker would also need to know the target administrator's account username or email address. Once this information is obtained through reconnaissance or publicly available sources, the attacker can exploit the authentication bypass to gain administrative access to the website without the actual account password.

Prerequisite for successful exploitation is that the social login feature must be enabled on websites using the JobMonster theme, such as "Sign in with Google," "Login with Facebook," or "Continue with LinkedIn." When this feature is disabled, websites are not impacted.

The flaw affects all versions of the theme up to and including version 4.8.1. WordPress security firm Wordfence detected the malicious activity after blocking multiple exploit attempts against its clients over the past 24 hours.

NooThemes has patched the flaw in JobMonster version 4.8.2. Website administrators using any version of JobMonster are strongly advised to update to the patched version 4.8.2.

Oganizations that can't update should disable the social login functionality on affected websites, or rotating the administrator username and email to something new and difficult to guess. These measures must be considered as temporary mitigations.

Critical authentication bypass flaw in JobMonster WordPress theme actively exploited

Read More
Microsoft reports on-premise SharePoint vulnerability under active attack
CISA reports active exploitation of Cross-Site Scripting flaw …
Hackers are exploiting the public PoC to hack …
CISA warns of active exploitation of Git flaw
CISA warns of actively exploited Oracle Identity Manager …