Hackers exploit vulnerability in JobMonster WordPress theme

Hackers are actively exploiting a serious security vulnerability in the popular JobMonster WordPress theme. The vulnerability allows attackers to take over administrator accounts under specific circumstances, giving them complete control over affected websites.

BleepingComputer reports on this. The vulnerability, registered as CVE-2025-5397, received a risk score of 9.8 out of 10. The problem is present in all versions of the theme up to and including 4.8.1. It involves a bug in the function that handles user authentication, whereby a user’s identity is not properly verified before access is granted. As a result, an attacker without valid login credentials can, in some instances, log in as an administrator.

The security company Wordfence discovered the attacks after blocking several attempts at abuse in a short period of time. According to the researchers, these are targeted attacks on websites where JobMonster’s social login function is enabled.

This feature allows users to log in with existing accounts from, for example, Google, Facebook, or LinkedIn. However, the theme trusts these external login credentials without sufficiently verifying them, allowing malicious parties to bypass the procedure and obtain administrator rights.

To carry out the attack successfully, criminals usually also need to know the username or email address of an administrator. Once that information is known, the flaw can be exploited to gain access to the website’s administrator dashboard.
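As an added illustration of the class of weakness described above (hypothetical code, not JobMonster's or NooThemes' own), the following WordPress social-login callback shows the unverified shape beside a hardened one that validates the provider's ID token before granting a session. Google is assumed as the provider; EXAMPLE_GOOGLE_CLIENT_ID, the function names and the example_google_sub user-meta key are placeholders.

```php
<?php
// Added illustration (hypothetical, not JobMonster code): a WordPress social-login
// callback in the weak shape the article describes, then a hardened version that
// verifies the provider's ID token server-side. Google is the assumed provider;
// all names are placeholders.

define( 'EXAMPLE_GOOGLE_CLIENT_ID', 'PLACEHOLDER.apps.googleusercontent.com' );

// WEAK: the asserted identity is never checked with the provider, so knowing an
// administrator's e-mail address is enough to receive that administrator's session.
function example_weak_social_login() {
    $user = get_user_by( 'email', sanitize_email( $_POST['email'] ?? '' ) );
    if ( $user ) {
        wp_set_auth_cookie( $user->ID ); // session granted without proof of identity
        wp_safe_redirect( admin_url() );
        exit;
    }
}

// HARDENED: validate the token with the issuer, check audience and e-mail
// verification, and resolve the account through a stored provider subject id.
function example_hardened_social_login() {
    $id_token = sanitize_text_field( $_POST['id_token'] ?? '' );
    if ( '' === $id_token ) {
        wp_die( 'Missing token', '', array( 'response' => 400 ) );
    }
    // Google validates signature, expiry and issuer; a bad token yields a non-200.
    $resp = wp_remote_get( 'https://oauth2.googleapis.com/tokeninfo?id_token=' . rawurlencode( $id_token ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        wp_die( 'Token rejected by provider', '', array( 'response' => 401 ) );
    }
    $claims = json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( ! is_array( $claims ) || empty( $claims['sub'] )
        || ( $claims['aud'] ?? '' ) !== EXAMPLE_GOOGLE_CLIENT_ID     // issued for this site
        || ( $claims['email_verified'] ?? 'false' ) !== 'true' ) {  // provider-verified address
        wp_die( 'Token not acceptable', '', array( 'response' => 401 ) );
    }
    // Link by the provider's stable 'sub' stored in user meta at link time, never by
    // matching a caller-chosen e-mail against existing accounts.
    $users = get_users( array( 'meta_key' => 'example_google_sub', 'meta_value' => $claims['sub'], 'number' => 1 ) );
    if ( empty( $users ) ) {
        wp_die( 'No linked account', '', array( 'response' => 403 ) );
    }
    wp_set_current_user( $users[0]->ID );
    wp_set_auth_cookie( $users[0]->ID );
    wp_safe_redirect( admin_url() );
    exit;
}
```

The hardened path also gives defenders a clear logging point: every rejected token or unlinked-account attempt is a discrete event worth alerting on, which the weak path never produces.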

Vulnerability now fixed

The developer of JobMonster, NooThemes, has now fixed the vulnerability in version 4.8.2 of the theme. Users are strongly advised to update to this version as soon as possible to prevent abuse. Those who are unable to upgrade immediately can temporarily limit the risk by disabling the social login option. In addition, it is recommended to enable two-factor authentication, change passwords, and check access logs for suspicious activity.

JobMonster is a premium WordPress theme that is widely used for job and recruitment websites. According to figures from marketplace Envato, the theme has been sold more than 5,500 times.

The incident is part of a broader trend of attacks on commercial WordPress themes. Earlier this year, other premium themes were also affected by severe vulnerabilities that enabled privilege escalation, authentication bypass, and other issues. Security experts emphasize that website administrators should update their themes and plugins regularly. Delays in updates increase the likelihood of successful attacks, even months after a vulnerability has been discovered.