CVE-2025-6585 – WordPress JobHunt Insecure Direct Object Reference

July 22, 2025

CVE ID : CVE-2025-6585

Published : July 22, 2025, 5:15 a.m. | 19 hours, 29 minutes ago

Description : The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7645 – WordPress Contact Form 7 Extensions File Deletion Vulnerability

Next Article CVE-2015-10137 – WordPress Website Contact Form With File Upload Remote Code Execution (RCE)

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

Trump’s AI plan says a lot about open source – but here’s what it leaves out

Google’s new Search mode puts classic results back on top – how to access it

These AR swim goggles I tested have all the relevant metrics (and no subscription)

Google’s new AI tool Opal turns prompts into apps, no coding required

Medical Card Generator Android App Project Using SQLite

Medical Card Generator Android App Project Using SQLite

The details of TC39’s last meeting

Laravel Scoped Route Binding for Nested Resource Management

Microsoft: Windows 11 24H2 now works with Easy Anti-Cheat (Fortnite), won’t cause BSODs anymore

Microsoft: Windows 11 24H2 now works with Easy Anti-Cheat (Fortnite), won’t cause BSODs anymore

How to Restore MSN Homepage Fast

How to Connect to Hilton WiFi

CVE-2025-6585 – WordPress JobHunt Insecure Direct Object Reference

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

ToolShell: An all-you-can-eat buffet for threat actors

CVE-2025-43489 – Poly Clariti Manager Deserialization Vulnerability

CVE-2025-1301 – Yordam Informatics Library Automation System Reflected Cross-site Scripting Vulnerability

Perficient Wins the Gold: Globee® Customer Excellence Award for Customer Success Story

KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft

I traveled 13,528 miles with these Snapdragon-powered laptops — Three key things make them ideal for trips

5 Questions to ask CCaaS Vendors as you Plan Your Cloud Migration

CVE-2025-5117 – WordPress Property Plugin Privilege Escalation Vulnerability

CVE-2025-52973 – Apache HTTP Server Unvalidated User Input

CVE-2025-6585 – WordPress JobHunt Insecure Direct Object Reference

Related Posts