CVE-2025-7374
WP JobHunt <= 7.6 Authenticated (Custom+) Authorization BypassThe WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending.
We have discovered 1 live websites that are affected by CVE-2025-7374.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1 live websites (100% of WP JobHunt install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Oct 10, 2025
- Updated - Oct 10, 2025
Credits
- meghnine islem (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-7374 United States | 1 websites |
Websites affected by CVE-2025-7374
Top websites that are affected by CVE-2025-7374. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.***.***.lb | United States | **,***,*** |
FAQ
CVE-2025-7374 is Incorrect Authorization in WP JobHunt
A total of 1 websites have been identified as vulnerable to CVE-2025-7374, based on global website indexing conducted by WebTechSurvey.
The WP JobHunt is affected by the CVE-2025-7374 vulnerability.
WP JobHunt versions up to and including 7.6 are vulnerable to CVE-2025-7374.