{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6585", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-24T20:38:43.158Z", "datePublished": "2025-07-22T04:25:08.363Z", "dateUpdated": "2026-04-08T17:15:38.474Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:38.474Z"}, "affected": [{"vendor": "n/a", "product": "WP JobHunt", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins."}], "title": "WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve"}, {"url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "meghnine islem"}], "timeline": [{"time": "2025-07-21T15:58:03.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-22T15:49:01.523335Z", "id": "CVE-2025-6585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T15:52:23.467Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-22T15:49:01.523335Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T15:52:10.655Z"}}], "cna": {"title": "WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion", "credits": [{"lang": "en", "type": "finder", "value": "meghnine islem"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}}], "affected": [{"vendor": "n/a", "product": "WP JobHunt", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-21T15:58:03.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve"}, {"url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636"}], "descriptions": [{"lang": "en", "value": "The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:38.474Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6585", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:15:38.474Z", "dateReserved": "2025-06-24T20:38:43.158Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-22T04:25:08.363Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins."}, {"lang": "es", "value": "El complemento WP JobHunt para WordPress es vulnerable a una Referencia Directa a Objetos Insegura en todas las versiones hasta la 7.2 incluida, a trav\u00e9s de la funci\u00f3n cs_remove_profile_callback(), debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, eliminar cuentas de otros usuarios, incluidos los administradores."}], "id": "CVE-2025-6585", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-22T05:15:41.207", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:13:12.703331+00:00", "value": {"mitigation_remediation": ["Upgrade WP JobHunt to version 7.3 or later, which contains the fix for the direct object reference bug", "If an upgrade is not immediately possible, disable or remove the cs_remove_profile_callback functionality to prevent account deletion by non-admin roles", "Implement role-based access control or additional input validation on the deletion endpoint to block Subscriber and lower-level users from executing the command"], "summary": {"action": "Apply Patch", "impact": "Arbitrary Account Deletion"}, "threat_synthesis": {"affected_systems": "WordPress users running the WP JobHunt plugin at version 7.2 or earlier are affected. The vulnerability exists in all releases up to and including 7.2 and is specific to the WP JobHunt plugin for WordPress.", "description_and_impact": "The WP JobHunt plugin for WordPress is vulnerable to an insecure direct object reference because the cs_remove_profile_callback() function does not validate a user-controlled key. This flaw permits authenticated users with Subscriber level or higher to delete any other user\u2019s account, including administrators, thus tampering with legitimate user data and potentially disabling critical application functionality.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity impact. The EPSS score of < 1% suggests a very low current exploitation probability, and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector requires an authenticated session, as the flaw is triggered through the cs_remove_profile_callback endpoint exposed to users with Subscriber or higher privileges. An attacker who can craft a request with the vulnerable key can delete target accounts without additional privileged access."}}}}, "created": "2026-04-20T20:15:06.224374+00:00", "updated": "2026-04-20T20:15:06.224394+00:00", "vendors": []}