CVE-2025-6585 · HIGH 8.1 · EPSS p28.1%

Description

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users, including admins.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 28.1% · 2026-06-18T12:00:27Z
Published: 2025-07-22
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-20

References

  1. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-4758
CVE-2025-5956
CVE-2026-2554
CVE-2026-3453
CVE-2025-14868
CVE-2025-9693

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.