VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 12 known issues Latest disclosed Mar 23, 2026

Noo JobMonster Vulnerabilities

Review known vulnerability records for the WordPress theme Noo JobMonster (`noo-jobmonster`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-25340, CVE-2025-67522 and CVE-2025-5397, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
12
High or Critical
6
Patch Coverage
100%
Last Updated
Apr 02, 2026
Priority CVE Quick Links

Fast paths into Noo JobMonster CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
12
CVE-2025-5397 Critical 4.8.2
CVE-2025-5397 Noo JobMonster Vulnerability

Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass

CVE-2025-54738 Critical 4.8.0
CVE-2025-54738 Noo JobMonster Vulnerability

Jobmonster <= 4.7.9 - Authentication Bypass

CVE-2024-37927 Critical 4.7.6
CVE-2024-37927 Noo JobMonster Privilege Escalation

Jobmonster <= 4.7.5 - Unauthenticated Privilege Escalation

CVE-2024-37928 Critical 4.7.5
CVE-2024-37928 Noo JobMonster Remote Code Execution

Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion

CVE-2026-25340 High 4.8.4
CVE-2026-25340 Noo JobMonster SQL Injection

Noo JobMonster < 4.8.4 - Unauthenticated SQL Injection

CVE-2025-67522 High 4.8.3
CVE-2025-67522 Noo JobMonster Local File Inclusion

Jobmonster <= 4.8.2 - Authenticated (Contributor+) Local File Inclusion

CVE-2025-57887 Medium 4.8.1
CVE-2025-57887 Noo JobMonster Stored Cross-Site Scripting

Jobmonster <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-54737 Medium 4.7.9
CVE-2025-54737 Noo JobMonster Cross-Site Scripting

Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Noo JobMonster so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
12 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
4 critical and 2 high severity findings.
Recent CVEs
CVE-2026-25340, CVE-2025-67522 and CVE-2025-5397
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Noo JobMonster

Sorted by latest disclosure date so newly published issues surface first.

Theme High Patched: Yes CVE-2026-25340
CVE-2026-25340: Noo JobMonster < 4.8.4 - Unauthenticated SQL Injection

The Noo JobMonster theme for WordPress is vulnerable to SQL Injection in versions up to 4.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append a...

Published
Mar 23, 2026
Patched Release
4.8.4
Affected Versions
Versions before 4.8.4
Next Step
Update to 4.8.4 or newer if supported.
Open CVE-2026-25340 Report Open CVE Reference
Theme High Patched: Yes CVE-2025-67522
CVE-2025-67522: Jobmonster <= 4.8.2 - Authenticated (Contributor+) Local File Inclusion

The Jobmonster theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.8.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execut...

Published
Dec 12, 2025
Patched Release
4.8.3
Affected Versions
Versions up to 4.8.2
Next Step
Update to 4.8.3 or newer if supported.
Open CVE-2025-67522 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2025-5397
CVE-2025-5397: Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unaut...

Published
Oct 30, 2025
Patched Release
4.8.2
Affected Versions
Versions up to 4.8.1
Next Step
Update to 4.8.2 or newer if supported.
Open CVE-2025-5397 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-54737
CVE-2025-54737: Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

The Jobmonster theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

Published
Aug 31, 2025
Patched Release
4.7.9
Affected Versions
Versions up to 4.7.8
Next Step
Update to 4.7.9 or newer if supported.
Open CVE-2025-54737 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-57887
CVE-2025-57887: Jobmonster <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Jobmonster theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

Published
Aug 22, 2025
Patched Release
4.8.1
Affected Versions
Versions up to 4.8.0
Next Step
Update to 4.8.1 or newer if supported.
Open CVE-2025-57887 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-57888
CVE-2025-57888: Jobmonster <= 4.8.0 - Unauthenticated Sensitive Information Disclosure

The Noo JobMonster theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Published
Aug 22, 2025
Patched Release
4.8.1
Affected Versions
Versions up to 4.8.0
Next Step
Update to 4.8.1 or newer if supported.
Open CVE-2025-57888 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2025-54738
CVE-2025-54738: Jobmonster <= 4.7.9 - Authentication Bypass

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.7.9.This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators.

Published
Aug 21, 2025
Patched Release
4.8.0
Affected Versions
Versions up to 4.7.9
Next Step
Update to 4.8.0 or newer if supported.
Open CVE-2025-54738 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-53201
CVE-2025-53201: Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting

The Noo JobMonster theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p...

Published
Jul 23, 2025
Patched Release
4.7.9
Affected Versions
Versions up to 4.7.8
Next Step
Update to 4.7.9 or newer if supported.
Open CVE-2025-53201 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2024-37927
CVE-2024-37927: Jobmonster <= 4.7.5 - Unauthenticated Privilege Escalation

The Noo JobMonster theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7.5. This makes it possible for unauthenticated attackers to gain higher privileged access to a vulnerable site.

Published
Jul 09, 2024
Patched Release
4.7.6
Affected Versions
Versions up to 4.7.5
Next Step
Update to 4.7.6 or newer if supported.
Open CVE-2024-37927 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2024-37928
CVE-2024-37928: Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion

The Noo JobMonster theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and not including, 4.7.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, wh...

Published
Jul 09, 2024
Patched Release
4.7.5
Affected Versions
Versions before 4.7.5
Next Step
Update to 4.7.5 or newer if supported.
Open CVE-2024-37928 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2022-1166
CVE-2022-1166: Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing

The Noo JobMonster theme is vulnerable to Sensitive Information Disclosure via Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file in versions up to, and including 4.6.6. This could expose personal data such...

Published
Sep 11, 2020
Patched Release
4.6.6.1
Affected Versions
Versions up to 4.6.6
Next Step
Update to 4.6.6.1 or newer if supported.
Open CVE-2022-1166 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2022-1170
CVE-2022-1170: Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.

Published
Oct 24, 2019
Patched Release
4.5.2.9
Affected Versions
Versions before 4.5.2.9
Next Step
Update to 4.5.2.9 or newer if supported.
Open CVE-2022-1170 Report Open CVE Reference