CVE-2025-1313: CWE-288 Authentication Bypass Using an Alternate Path or Channel in scriptsbundle Nokri – Job Board WordPress Theme
The Nokri - Job Board WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
AI Analysis
Technical Summary
CVE-2025-1313 is a high-severity authentication bypass vulnerability affecting the Nokri – Job Board WordPress Theme developed by scriptsbundle. This vulnerability exists in all versions up to and including 1.6.3. The root cause is improper validation of user identity when updating sensitive account details such as email addresses. Specifically, authenticated users with Subscriber-level access or higher can exploit this flaw to change arbitrary users' email addresses, including those of administrators. By changing an administrator's email address, the attacker can trigger the password reset process to gain full control over the administrator account. This effectively leads to privilege escalation and account takeover. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating that the theme does not properly verify the authenticity of requests to update user details. The CVSS v3.1 score of 8.8 (High) reflects the network attack vector, low attack complexity, privileges required at a low level, no user interaction needed, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the vulnerability's nature and impact make it a critical risk for affected WordPress sites using this theme. The absence of patch links suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps.
Potential Impact
For European organizations using the Nokri – Job Board WordPress Theme, this vulnerability poses a significant risk. Job board websites often handle sensitive personal data, including resumes, contact details, and employment history, making them attractive targets for attackers. Successful exploitation could lead to unauthorized access to administrator accounts, allowing attackers to manipulate site content, steal user data, or deploy further malware. This could result in data breaches violating GDPR regulations, leading to legal penalties and reputational damage. Additionally, compromised administrator accounts could be used to disrupt service availability or deface websites, impacting business operations and user trust. Organizations relying on this theme for recruitment or HR functions may face operational disruptions and loss of candidate confidence. The vulnerability's ease of exploitation by low-privilege authenticated users increases the threat, as even compromised or malicious subscriber accounts can be leveraged for full takeover.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the WordPress admin area and user profile update functionalities to trusted users only, possibly through IP whitelisting or two-factor authentication (2FA) for all accounts with elevated privileges.
2. Monitor and audit user account changes, especially email address updates, to detect suspicious activities promptly.
3. Until an official patch is released, consider disabling or removing the Nokri theme or replacing it with a secure alternative to eliminate exposure.
4. Implement strict user role management policies to minimize the number of users with Subscriber-level or higher access, reducing the attack surface.
5. Regularly back up the website and database to enable quick restoration in case of compromise.
6. Employ Web Application Firewalls (WAF) with custom rules to detect and block anomalous requests attempting to change user emails or reset passwords.
7. Stay informed through vendor advisories and security communities for updates or patches addressing this vulnerability.
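One way to apply recommendation 2 inside WordPress itself while no patch is available, as an added example (not code from the theme, its vendor, or this advisory): a must-use plugin that logs every email change on an existing account and reverts changes made by a user who is not allowed to edit the target account. It assumes the theme performs the update through `wp_update_user()`, which the advisory does not state; the file name and log format are hypothetical.

```php
<?php
/**
 * Hypothetical file: wp-content/mu-plugins/guard-email-change.php
 * Added example, not Nokri or vendor code. Only effective if the update
 * goes through wp_update_user()/wp_insert_user(); a direct database write
 * by the theme would not pass through this filter.
 */
add_filter( 'wp_pre_insert_user_data', function ( $data, $update, $user_id ) {
    // New registrations and updates without an email field pass through.
    if ( ! $update || ! $user_id || ! isset( $data['user_email'] ) ) {
        return $data;
    }

    $target = get_userdata( $user_id );
    if ( ! $target || 0 === strcasecmp( $target->user_email, $data['user_email'] ) ) {
        return $data; // Unknown account or email unchanged.
    }

    $actor_id = get_current_user_id();

    // Allowed: the account owner, anyone holding the capability to edit
    // this user (administrators), and WP-CLI maintenance sessions.
    $allowed = ( $actor_id === (int) $user_id )
        || current_user_can( 'edit_user', $user_id )
        || ( defined( 'WP_CLI' ) && WP_CLI );

    // Audit trail for every email change attempt, permitted or not.
    error_log( sprintf(
        '[email-change] %s actor=%d target=%d (%s) old=%s new=%s ip=%s',
        $allowed ? 'ALLOWED' : 'BLOCKED',
        $actor_id,
        $user_id,
        $target->user_login,
        $target->user_email,
        $data['user_email'],
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-'
    ) );

    if ( ! $allowed ) {
        // Keep the stored address so a later password reset still goes
        // to the legitimate owner of the account.
        $data['user_email'] = $target->user_email;
    }

    return $data;
}, 10, 3 );
```

`BLOCKED` entries where the target is an administrator are the events to alert on; confirm on a staging copy that the theme's profile form actually triggers the filter before relying on it.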
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-02-14T21:17:16.579Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6871f69ea83201eaacb31093
Added to database: 7/12/2025, 5:46:06 AM
Last enriched: 7/19/2025, 9:04:33 PM
Last updated: 8/23/2025, 3:48:05 AM