Unknown Noo Jobmonster vulnerabilities

CVE-2025-5397 [CRITICAL] CWE-288 CVE-2025-5397: The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access admin

CVE-2022-1166 [MEDIUM] CWE-22 CVE-2022-1166: The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ fold The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less

CVE-2022-1170 [MEDIUM] CWE-79 CVE-2022-1170: In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.