- Description
- The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-288
- Hype score
- Not currently trending
CVE-2025-1313 Nokri Job Board WordPress Theme Privilege Escalation via Account Takeover https://t.co/f8U9N3br6l
@VulmonFeeds
12 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1313 The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This i… https://t.co/61ByiHYhER
@CVEnew
12 Jul 2025
597 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-1313: HIGH] WordPress theme Nokri - Job Board is at risk! Versions up to 1.6.3 have a vulnerability allowing attackers to escalate privileges. When exploited, this flaw can lead to account takeover.#cve,CVE-2025-1313,#cybersecurity https://t.co/Vdv6kT9tDq https://t.co/D
@CveFindCom
12 Jul 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes