VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 12 known issues Latest disclosed Mar 23, 2026

Noo JobMonster Vulnerabilities

Review known vulnerability records for the WordPress theme Noo JobMonster (`noo-jobmonster`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-25340, CVE-2025-67522 and CVE-2025-5397, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
12
High or Critical
6
Patch Coverage
100%
Last Updated
Apr 02, 2026
Related Security Guides

Use these guides while reviewing Noo JobMonster fixes

Pair this theme vulnerability hub with practical WordPress hardening, scanner, and patch workflow guidance.

Hardening
WordPress hardening checklist for exposed plugins

Review patch cadence, privileged access, XML-RPC exposure, backups, and monitoring controls.
Plugin Security
WordPress plugin security basics for patch decisions

Use ownership, update testing, least privilege, and removal criteria to reduce plugin risk.
Scanning
WordPress vulnerability scanner buyer's guide

Compare scanner coverage for plugin CVEs, version detection, alert noise, and remediation workflow.
Patch Decision Workflow

How to prioritize Noo JobMonster remediation

Use the hub as a decision layer before opening individual records: confirm whether the issue has a CVE, whether a fixed version exists, and whether the affected range overlaps production installs.

Search-Ready Records
11
1. Match the Package
Confirm the installed WordPress theme slug is noo-jobmonster before acting on any CVE from this cluster.
2. Sort by Severity
Start with 6 high or critical records, then review medium and unrated findings with public references.
3. Check Patch Evidence
12 records include a patch path; verify compatibility before closing the finding.
4. Monitor Gaps
0 records still lack a listed fixed release, so keep this hub in the review queue.
High-Signal Remediation Targets
CVE-2025-5397 Critical
Vulnerability remediation for Noo JobMonster

Affected range: Versions up to 4.8.1. Fixed version: 4.8.2.

CVE-2025-54738 Critical
Vulnerability remediation for Noo JobMonster

Affected range: Versions up to 4.7.9. Fixed version: 4.8.0.

CVE-2024-37927 Critical
Privilege Escalation remediation for Noo JobMonster

Affected range: Versions up to 4.7.5. Fixed version: 4.7.6.

CVE-2024-37928 Critical
Remote Code Execution remediation for Noo JobMonster

Affected range: Versions before 4.7.5. Fixed version: 4.7.5.

Priority CVE Quick Links

Fast paths into Noo JobMonster CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
12
Tracked CVE Issue Type Affected Versions Fixed Version CVSS
CVE-2025-5397
Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
 Vulnerability Versions up to 4.8.1 4.8.2 CVSS 9.8
CVE-2025-54738
Jobmonster <= 4.7.9 - Authentication Bypass
 Vulnerability Versions up to 4.7.9 4.8.0 CVSS 9.8
CVE-2024-37927
Jobmonster <= 4.7.5 - Unauthenticated Privilege Escalation
 Privilege Escalation Versions up to 4.7.5 4.7.6 CVSS 9.8
CVE-2024-37928
Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion
 Remote Code Execution Versions before 4.7.5 4.7.5 CVSS 9.1
CVE-2026-25340
Noo JobMonster < 4.8.4 - Unauthenticated SQL Injection
 SQL Injection Versions before 4.8.4 4.8.4 CVSS 7.5
CVE-2025-67522
Jobmonster <= 4.8.2 - Authenticated (Contributor+) Local File Inclusion
 Local File Inclusion Versions up to 4.8.2 4.8.3 CVSS 7.5
CVE-2025-57887
Jobmonster <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
 Stored Cross-Site Scripting Versions up to 4.8.0 4.8.1 CVSS 6.4
CVE-2025-54737
Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting
 Cross-Site Scripting Versions up to 4.7.8 4.7.9 CVSS 6.1
CVE-2025-5397 Critical 4.8.2
CVE-2025-5397 Noo JobMonster Vulnerability

Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass

CVE-2025-54738 Critical 4.8.0
CVE-2025-54738 Noo JobMonster Vulnerability

Jobmonster <= 4.7.9 - Authentication Bypass

CVE-2024-37927 Critical 4.7.6
CVE-2024-37927 Noo JobMonster Privilege Escalation

Jobmonster <= 4.7.5 - Unauthenticated Privilege Escalation

CVE-2024-37928 Critical 4.7.5
CVE-2024-37928 Noo JobMonster Remote Code Execution

Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion

CVE-2026-25340 High 4.8.4
CVE-2026-25340 Noo JobMonster SQL Injection

Noo JobMonster < 4.8.4 - Unauthenticated SQL Injection

CVE-2025-67522 High 4.8.3
CVE-2025-67522 Noo JobMonster Local File Inclusion

Jobmonster <= 4.8.2 - Authenticated (Contributor+) Local File Inclusion

CVE-2025-57887 Medium 4.8.1
CVE-2025-57887 Noo JobMonster Stored Cross-Site Scripting

Jobmonster <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-54737 Medium 4.7.9
CVE-2025-54737 Noo JobMonster Cross-Site Scripting

Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters tracked records for Noo JobMonster so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
12 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
4 critical and 2 high severity findings.
Recent CVEs
CVE-2026-25340, CVE-2025-67522 and CVE-2025-5397
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Noo JobMonster

Sorted by latest disclosure date so newly published issues surface first.

Theme High Patched: Yes CVE-2026-25340
CVE-2026-25340: Noo JobMonster < 4.8.4 - Unauthenticated SQL Injection

The Noo JobMonster theme for WordPress is vulnerable to SQL Injection in versions up to 4.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append a...

Published
Mar 23, 2026
Patched Release
4.8.4
Affected Versions
Versions before 4.8.4
Next Step
Update to 4.8.4 or newer if supported.
Review CVE-2026-25340 fixed version details Open CVE Reference
Theme High Patched: Yes CVE-2025-67522
CVE-2025-67522: Jobmonster <= 4.8.2 - Authenticated (Contributor+) Local File Inclusion

The Jobmonster theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.8.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execut...

Published
Dec 12, 2025
Patched Release
4.8.3
Affected Versions
Versions up to 4.8.2
Next Step
Update to 4.8.3 or newer if supported.
Review CVE-2025-67522 fixed version details Open CVE Reference
Theme Critical Patched: Yes CVE-2025-5397
CVE-2025-5397: Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unaut...

Published
Oct 30, 2025
Patched Release
4.8.2
Affected Versions
Versions up to 4.8.1
Next Step
Update to 4.8.2 or newer if supported.
Review CVE-2025-5397 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2025-54737
CVE-2025-54737: Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

The Jobmonster theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

Published
Aug 31, 2025
Patched Release
4.7.9
Affected Versions
Versions up to 4.7.8
Next Step
Update to 4.7.9 or newer if supported.
Review CVE-2025-54737 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2025-57887
CVE-2025-57887: Jobmonster <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Jobmonster theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

Published
Aug 22, 2025
Patched Release
4.8.1
Affected Versions
Versions up to 4.8.0
Next Step
Update to 4.8.1 or newer if supported.
Review CVE-2025-57887 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2025-57888
CVE-2025-57888: Jobmonster <= 4.8.0 - Unauthenticated Sensitive Information Disclosure

The Noo JobMonster theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Published
Aug 22, 2025
Patched Release
4.8.1
Affected Versions
Versions up to 4.8.0
Next Step
Update to 4.8.1 or newer if supported.
Review CVE-2025-57888 fixed version details Open CVE Reference
Theme Critical Patched: Yes CVE-2025-54738
CVE-2025-54738: Jobmonster <= 4.7.9 - Authentication Bypass

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.7.9.This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators.

Published
Aug 21, 2025
Patched Release
4.8.0
Affected Versions
Versions up to 4.7.9
Next Step
Update to 4.8.0 or newer if supported.
Review CVE-2025-54738 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2025-53201
CVE-2025-53201: Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

The Noo JobMonster theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p...

Published
Jul 23, 2025
Patched Release
4.7.9
Affected Versions
Versions up to 4.7.8
Next Step
Update to 4.7.9 or newer if supported.
Review CVE-2025-53201 fixed version details Open CVE Reference
Theme Critical Patched: Yes CVE-2024-37927
CVE-2024-37927: Jobmonster <= 4.7.5 - Unauthenticated Privilege Escalation

The Noo JobMonster theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7.5. This makes it possible for unauthenticated attackers to gain higher privileged access to a vulnerable site.

Published
Jul 09, 2024
Patched Release
4.7.6
Affected Versions
Versions up to 4.7.5
Next Step
Update to 4.7.6 or newer if supported.
Review CVE-2024-37927 fixed version details Open CVE Reference
Theme Critical Patched: Yes CVE-2024-37928
CVE-2024-37928: Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion

The Noo JobMonster theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and not including, 4.7.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, wh...

Published
Jul 09, 2024
Patched Release
4.7.5
Affected Versions
Versions before 4.7.5
Next Step
Update to 4.7.5 or newer if supported.
Review CVE-2024-37928 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2022-1166
CVE-2022-1166: Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing

The Noo JobMonster theme is vulnerable to Sensitive Information Disclosure via Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file in versions up to, and including 4.6.6. This could expose personal data such...

Published
Sep 11, 2020
Patched Release
4.6.6.1
Affected Versions
Versions up to 4.6.6
Next Step
Update to 4.6.6.1 or newer if supported.
Review CVE-2022-1166 fixed version details Open CVE Reference
Theme Medium Patched: Yes CVE-2022-1170
CVE-2022-1170: Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.

Published
Oct 24, 2019
Patched Release
4.5.2.9
Affected Versions
Versions before 4.5.2.9
Next Step
Update to 4.5.2.9 or newer if supported.
Review CVE-2022-1170 fixed version details Open CVE Reference