Cyber Resilience

CVE-2025-6585

Severity: High
Published: 22 July 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3.1 Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0027 (50.8th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-6585 is a high-severity Insecure Direct Object Reference in the WP JobHunt plugin for WordPress, versions up to and including 7.2, which the assigner mapped to CWE-20 (Improper Input Validation). The affected product is inferred from the references, since NVD filed no CPE; ThemeForest is the marketplace that distributes the plugin, not the vulnerable software. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Access Removal (T1531). Its EPSS score of 0.0027 places it at the 50.8th percentile, that is, in the top 49.2% of CVEs by estimated exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-6585, published on 2025-07-22, is an Insecure Direct Object Reference (IDOR) vulnerability affecting the WP JobHunt plugin for WordPress in all versions up to and including 7.2. The issue is in the cs_remove_profile_callback() function, which acts on a user-controlled key without validating it; the assigner mapped this to CWE-20. Note that the key itself is well-formed: the defect is a missing authorization check (the function never confirms that the caller is allowed to act on the user the key names), so input sanitisation alone would not fix it. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity with significant impacts on integrity and availability but no confidentiality loss.

Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction. Subscriber is the role WordPress assigns to self-registered users by default, so on a site with open registration the precondition is simply creating an account. Successful exploitation deletes the account of any chosen user, including administrators, which can disrupt site operations and lock legitimate administrators out of the site; the direct effect is denial of service against accounts rather than a takeover of them.

Advisories providing additional details, including potential mitigation steps, are available from Wordfence at https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve and the plugin's ThemeForest page at https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636.

Vulnerability details

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.

CWE(s)

CWE-20 Improper Input Validation

Related Threats

MITRE ATT&CK Enterprise Techniques

T1531 Account Access Removal (Impact)
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.
Why these techniques?

IDOR enables authenticated arbitrary account deletion, directly facilitating Account Access Removal (T1531).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2750 (shared CWE-20)
CVE-2026-22862 (shared CWE-20)
CVE-2025-27224 (shared CWE-20)
CVE-2026-21268 (shared CWE-20)
CVE-2025-21234 (shared CWE-20)
CVE-2026-22868 (shared CWE-20)
CVE-2025-12907 (shared CWE-20)
CVE-2025-71003 (shared CWE-20)
CVE-2026-28860 (shared CWE-20)
CVE-2026-0078 (shared CWE-20)

Affected Assets

WP JobHunt plugin for WordPress, all versions up to and including 7.2 (distributed via ThemeForest)
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces approved authorizations so that low-privilege authenticated users cannot delete other users' accounts via the IDOR in cs_remove_profile_callback().

SI-10 Information Input Validation (prevent)
Validates user-controlled keys so that they only reference objects the authenticated user is authorized to access or delete.

Account management (prevent)
Restricts account-deletion capabilities to authorized personnel, mitigating unauthorized account removals.
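The following is an added example, not WP JobHunt's own code and not taken from the advisories above. It reconstructs the class of defect described in the Deeper analysis (an admin-ajax profile-removal handler that trusts a user-supplied key) and places beside it a hardened handler that applies the AC-3 and SI-10 controls listed above. The hook names, the user_id and nonce parameter names, and the choice of the core delete_users capability are assumptions; only documented WordPress functions are used.

```php
<?php
/**
 * Added illustration of the IDOR pattern behind CVE-2025-6585 (not the plugin's code).
 * Hook names, parameter names and the capability used are assumptions.
 */

// --- Vulnerable pattern: the caller chooses which account dies. --------------
// Any logged-in user (Subscriber and above) can reach a wp_ajax_* hook. Nothing
// here ties $_POST['user_id'] to the caller or checks a capability, so the key
// is "validated" only in the sense of being cast to an integer.
function example_remove_profile_vulnerable() {
    require_once ABSPATH . 'wp-admin/includes/user.php'; // wp_delete_user() lives here
    $user_id = absint( $_POST['user_id'] ?? 0 );          // attacker-controlled key
    wp_delete_user( $user_id );                            // deletes whoever that is, admins included
    wp_send_json_success( array( 'deleted' => $user_id ) );
}
add_action( 'wp_ajax_example_remove_profile_vulnerable', 'example_remove_profile_vulnerable' );

// --- Hardened form: enforce authorization (AC-3) and validate the key (SI-10). --
function example_remove_profile_hardened() {
    // 1. CSRF protection. This is necessary but is NOT the IDOR fix: a nonce only
    //    proves the request came from the caller's own session.
    check_ajax_referer( 'example_remove_profile', 'nonce' );

    $requested = absint( $_POST['user_id'] ?? 0 );
    $caller    = get_current_user_id();

    // 2. Validate the key: it must reference an existing user.
    if ( 0 === $requested || false === get_userdata( $requested ) ) {
        wp_send_json_error( array( 'message' => 'invalid user id' ), 400 ); // calls wp_die()
    }

    // 3. Enforce authorization: the caller may delete only their own profile,
    //    unless they hold the core 'delete_users' capability (Administrators by
    //    default). This is the check whose absence makes the original an IDOR.
    $is_self     = ( $requested === $caller );
    $may_delete  = current_user_can( 'delete_users' );
    if ( ! $is_self && ! $may_delete ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 4. Defence in depth: a front-end profile endpoint should never remove an
    //    administrator that is not the caller; that belongs in wp-admin.
    if ( ! $is_self && user_can( $requested, 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'cannot remove an administrator here' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $requested );
    wp_send_json_success( array( 'deleted' => $requested ) );
}
add_action( 'wp_ajax_example_remove_profile_hardened', 'example_remove_profile_hardened' );
```

When reviewing a plugin for this bug class, look for every wp_ajax_* (and especially wp_ajax_nopriv_*) handler that passes a request parameter to wp_delete_user(), wp_update_user() or a direct $wpdb query, and confirm that step 3 above, a comparison against get_current_user_id() or a current_user_can() check, sits between the parameter and the call. A nonce check alone, or absint() alone, leaves the vulnerability in place.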
