CVE-2025-6585

{"id": "CVE-2025-6585", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2025-07-22T05:15:41.207", "references": [{"url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins."}, {"lang": "es", "value": "El complemento WP JobHunt para WordPress es vulnerable a una Referencia Directa a Objetos Insegura en todas las versiones hasta la 7.2 incluida, a trav\u00e9s de la funci\u00f3n cs_remove_profile_callback(), debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, eliminar cuentas de otros usuarios, incluidos los administradores."}], "lastModified": "2025-07-22T13:05:40.573", "sourceIdentifier": "security@wordfence.com"}