VYPR

Noo Jobmonster

by WordPress

CVEs (6)

  • CVE-2025-5397CriOct 31, 2025
    risk 0.64cvss 9.8epss 0.01

    The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for…

  • CVE-2024-37927CriJul 12, 2024
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through <= 4.7.5.

  • CVE-2024-37928HigJul 12, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.This issue affects Jobmonster: from n/a through 4.7.0.

  • CVE-2025-67522HigDec 9, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through <= 4.8.2.

  • CVE-2025-57888MedAug 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster noo-jobmonster allows Retrieve Embedded Sensitive Data.This issue affects Jobmonster: from n/a through <= 4.8.0.

  • CVE-2022-1170Apr 4, 2022
    risk 0.00cvss epss 0.02

    In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.