Nootheme Jobmonster vulnerabilities

11 known vulnerabilities affecting nootheme/jobmonster.

Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 2, UNKNOWN 5

Vulnerabilities

CVE-2026-25340 | CRITICAL | CVSS 9.3 | ≥ n/a, ≤ < 4.8.4 | 2026-03-25
CVE-2026-25340 [CRITICAL] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection. This issue affects Jobmonster: from n/a through < 4.8.4.
cvelistv5, nvd
CVE-2025-67522 | CRITICAL | CVSS 9.8 | ≤ 4.8.2 | 2025-12-09
CVE-2025-67522 [CRITICAL] CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion. This issue affects Jobmonster: from n/a through <= 4.8.2.
cvelistv5, nvd
CVE-2025-54737 | HIGH | CVSS 7.1 | ≤ 4.7.8 | 2025-11-06
CVE-2025-54737 [HIGH] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS. This issue affects Jobmonster: from n/a through <= 4.7.8.
cvelistv5, nvd
CVE-2025-54738 | UNKNOWN | ≤ 4.7.9 | 2025-08-28
CVE-2025-54738 CWE-288: Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster noo-jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through <= 4.7.9.
cvelistv5, nvd
CVE-2025-57888 | UNKNOWN | ≤ 4.8.0 | 2025-08-22
CVE-2025-57888 CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster noo-jobmonster allows Retrieve Embedded Sensitive Data. This issue affects Jobmonster: from n/a through <= 4.8.0.
cvelistv5, nvd
CVE-2025-57887 | UNKNOWN | ≤ 4.8.0 | 2025-08-22
CVE-2025-57887 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Stored XSS. This issue affects Jobmonster: from n/a through <= 4.8.0.
cvelistv5, nvd
CVE-2025-53201 | UNKNOWN | ≤ 4.7.8 | 2025-08-20
CVE-2025-53201 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS. This issue affects Jobmonster: from n/a through <= 4.7.8.
cvelistv5, nvd
CVE-2024-37928 | HIGH | CVSS 8.6 | ≥ n/a, ≤ 4.7.0 | 2024-07-12
CVE-2024-37928 [HIGH] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0.
cvelistv5, nvd
CVE-2024-37927 | UNKNOWN | ≤ 4.7.5 | 2024-07-12
CVE-2024-37927 CWE-266: Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through <= 4.7.5.
cvelistv5, nvd
CVE-2022-1170 | MEDIUM | CVSS 6.1 | PoC | fixed in 4.5.2.9 | 2022-04-04
CVE-2022-1170 [MEDIUM] CWE-79: In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is an XSS vulnerability as the input for the search form is provided through unsanitized GET requests.
nvd
CVE-2022-1166 | MEDIUM | CVSS 5.3 | fixed in 4.6.6.1 | 2022-04-04
CVE-2022-1166 [MEDIUM] CWE-22: The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less
nvd