NooThemes security patch release for CVE-2025-5397

Security Patch Release
Happening score (H score): 51
1 unique source, 1 article

Summary

The JobMonster WordPress theme now has a fixed release, version 4.8.2, for CVE-2025-5397, closing an authentication-bypass path that could let attackers hijack administrator accounts on sites with social login enabled. The affected versions ran up to 4.8.1, and users are being told to upgrade to the patched build immediately. If upgrading is delayed, disabling social login is the temporary mitigation.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Drupal core security update for CVE-2026-9082

Security Patch Release
First: 22.05.2026 16:14 Last: 22.05.2026 16:14 Sources 1

About this happening: **Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
First: 22.05.2026 08:36 Last: 22.05.2026 08:36 Sources 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

cPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

Timeline

  1. 04.11.2025 09:49 2 articles · 6mo ago

    JobMonster 4.8.2 fixes CVE-2025-5397 authentication bypass

    Mitigation Patch Update

    JobMonster version 4.8.2 fixes CVE-2025-5397, an authentication bypass in the JobMonster WordPress theme that can let unauthenticated attackers access administrative user accounts when social login is enabled. Wordfence said it blocked multiple exploit attempts against its clients over the past 24 hours, and site operators are being urged to upgrade immediately or disable social login as a temporary mitigation.
