NooThemes security patch release for CVE-2025-5397

Security Patch Release
Happening score
H score 53
1 unique source, 1 article

Summary

The JobMonster WordPress theme now has a fixed release, version 4.8.2, for CVE-2025-5397, closing an authentication-bypass path that could let attackers hijack administrator accounts on sites with social login enabled. Versions up to 4.8.1 are affected, and users are being told to upgrade to the patched build immediately. If upgrading is delayed, disabling social login is the temporary mitigation.

Related Happenings

The vendor security patch release for CVE-2026-8206

Security Patch Release
H score 89 · First: 03.06.2026 01:12 · Last: 03.06.2026 01:12 · Sources: 1

About this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score 42 · First: 27.05.2026 13:06 · Last: 27.05.2026 13:06 · Sources: 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

Drupal core security update for CVE-2026-9082

Security Patch Release
H score 74 · First: 22.05.2026 16:14 · Last: 22.05.2026 16:14 · Sources: 1

About this happening: **Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
H score 55 · First: 22.05.2026 08:36 · Last: 22.05.2026 08:36 · Sources: 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
H score 21 · First: 15.05.2026 18:56 · Last: 15.05.2026 18:56 · Sources: 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Timeline

  1. 04.11.2025 09:49 2 articles · 7mo ago

    JobMonster 4.8.2 fixes CVE-2025-5397 authentication bypass

    Mitigation Patch Update

    JobMonster version 4.8.2 fixes CVE-2025-5397, an authentication bypass in the JobMonster WordPress theme that can let unauthenticated attackers access administrative user accounts when social login is enabled. Wordfence said it blocked multiple exploit attempts against its clients over the past 24 hours, and site operators are being urged to upgrade immediately or disable social login as a temporary mitigation.