CVE-2025-6585
📋 TL;DR
The WP JobHunt WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access or higher to delete other user accounts, including administrator accounts. This affects all versions up to and including 7.2. Any WordPress site using this vulnerable plugin is at risk.
💻 Affected Systems
- WP JobHunt WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete all user accounts including administrators, causing complete site takeover or destruction of user data.
Likely Case
Attackers delete specific high-value accounts (admins, editors) to disrupt operations or gain elevated privileges.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized account deletions that can be detected and restored.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once authenticated. Subscriber role is the lowest WordPress user role.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 7.2
Vendor Advisory: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
Restart Required: No
Instructions:
1. Update WP JobHunt plugin to latest version (above 7.2). 2. Verify update completed successfully. 3. Test account deletion functionality.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable WP JobHunt plugin until patched
wp plugin deactivate wp-jobhunt
Restrict User Registration
allDisable new user registration to prevent attacker account creation
Update WordPress Settings > General: Membership = 'Anyone can register' to unchecked
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to cs_remove_profile_callback() function
- Monitor user account deletion logs and implement alerting for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check WP JobHunt plugin version in WordPress admin panel under PluginsCheck Version:
wp plugin get wp-jobhunt --field=versionVerify Fix Applied:
Verify plugin version is above 7.2 and test account deletion with non-admin user📡 Detection & Monitoring
Log Indicators:
- Multiple account deletion events from non-admin users
- Requests to cs_remove_profile_callback() with different user IDs
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=cs_remove_profile_callback
SIEM Query:
source="wordpress.log" AND "cs_remove_profile_callback" AND user_role!="administrator"