CVE-2025-6585
Published: 22 July 2025
Summary
CVE-2025-6585 is a high-severity Improper Input Validation (CWE-20) vulnerability in the WP JobHunt plugin for WordPress, a product sold through ThemeForest (the affected product was inferred from the advisory references). Its CVSS v3.1 base score is 8.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Account Access Removal (T1531). The CVE is ranked in the top 49.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-6585, published on 2025-07-22, is an Insecure Direct Object Reference (IDOR) vulnerability affecting the WP JobHunt plugin for WordPress in all versions up to and including 7.2. The issue arises in the cs_remove_profile_callback() function due to missing validation of a user-controlled key, mapped to CWE-20. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity with significant impacts on integrity and availability but no confidentiality loss.
Any authenticated attacker with Subscriber-level access or higher (Subscriber is the role WordPress assigns by default to self-registered users when open registration is enabled) can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation lets the attacker delete arbitrary user accounts, including administrators, which can lock legitimate operators out of the site and disrupt its operation; consistent with the I:H/A:H vector components, the impact is loss of integrity and availability rather than data disclosure.
Advisories providing additional details, including potential mitigation steps, are available from Wordfence at https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve and from the ThemeForest listing for the JobCareer theme, which ships the plugin, at https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22291
Vulnerability details
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.
- CWE: CWE-20 (Improper Input Validation)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Account Access Removal (T1531)
Why these techniques?
The IDOR lets any authenticated user delete arbitrary accounts, which is precisely the effect described by Account Access Removal (T1531).
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations so that low-privilege authenticated users cannot delete other users' accounts through the IDOR in cs_remove_profile_callback(); in WordPress terms, the handler must check a capability such as delete_users before acting on any account other than the caller's own.
- SI-10 (Information Input Validation): validates the user-controlled key so that it only references objects the authenticated user is authorized to access or delete, rather than trusting whatever identifier the request supplies.
- Account lifecycle management: restricts account deletion to authorized personnel and audits deletions, so that an unauthorized removal is both harder to perform and quicker to detect.
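The class of mistake described in the vulnerability details, and the AC-3 and SI-10 controls listed above, shown side by side as an added PHP example. This is illustrative code written for this page, not the WP JobHunt plugin's own source: the handler names, the `user_id` request parameter and the nonce action name are assumptions, and the vulnerable handler reproduces only the pattern the advisory describes (deleting whatever ID the request supplies).

```php
<?php
// Added example, not code from WP JobHunt. Function names, the 'user_id'
// POST parameter and the nonce action 'example_remove_profile' are assumed.

// --- Vulnerable pattern: trusts a user-controlled key --------------------
// wp_ajax_* hooks fire for every logged-in user, so a Subscriber can reach this.
function example_remove_profile_vulnerable() {
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    if ( $user_id ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        // IDOR: nothing ties $user_id to the caller or checks a capability,
        // so any account, including an administrator's, can be deleted.
        wp_delete_user( $user_id );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_remove_profile_vulnerable', 'example_remove_profile_vulnerable' );

// --- Hardened form: nonce, object-level authorization, capability check ---
function example_remove_profile_hardened() {
    // CSRF protection: the request must carry a nonce for this action
    // (check_ajax_referer() dies with a 403 if it is missing or invalid).
    check_ajax_referer( 'example_remove_profile', 'nonce' );

    $current = get_current_user_id();
    // Default to the caller's own account; only honour an explicit target
    // after the checks below.
    $target = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current;

    // SI-10: the supplied key must reference an object that actually exists.
    if ( ! get_userdata( $target ) ) {
        wp_send_json_error( array( 'message' => 'No such user.' ), 404 );
    }

    // AC-3: a user may remove their own profile; removing anyone else's
    // requires the delete_users capability (held by Administrators, not Subscribers).
    if ( $target !== $current && ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // Defence in depth: never let a front-end profile handler delete an
    // administrator, even for a privileged caller.
    if ( user_can( $target, 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Refusing to delete an administrator.' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    if ( wp_delete_user( $target ) ) {
        wp_send_json_success( array( 'deleted' => $target ) );
    }
    wp_send_json_error( array( 'message' => 'Deletion failed.' ), 500 );
}
add_action( 'wp_ajax_example_remove_profile_hardened', 'example_remove_profile_hardened' );
```

The nonce alone would not have prevented this bug: a Subscriber can obtain a valid nonce for their own session, so the decisive fix is the object-level check that the target equals the caller or that the caller holds `delete_users`. When reviewing a plugin for this class of issue, look for every `wp_ajax_*` handler that passes a request-supplied ID to `wp_delete_user()`, `wp_update_user()` or a direct `$wpdb` write without a comparison against `get_current_user_id()` or a `current_user_can()` call.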