CVE-2025-1313: CWE-288 Authentication Bypass Using an Alternate Path or Channel in scriptsbundle Nokri – Job Board WordPress Theme
The Nokri - Job Board WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
AI Analysis
Technical Summary
CVE-2025-1313 is a high-severity authentication bypass vulnerability affecting the Nokri – Job Board WordPress Theme developed by scriptsbundle. This vulnerability exists in all versions up to and including 1.6.3. The root cause is improper validation of user identity when updating sensitive account details such as email addresses. Specifically, authenticated users with Subscriber-level privileges or higher can exploit this flaw to change arbitrary users' email addresses, including those of administrators. By altering an administrator's email address, the attacker can trigger a password reset process, effectively taking over the administrator account without needing the original credentials. This constitutes a privilege escalation attack via account takeover. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating that the authentication mechanism can be circumvented through an alternate method. The CVSS v3.1 base score is 8.8 (high), reflecting the network attack vector, low attack complexity, required privileges at the level of a subscriber, no user interaction, and high impact on confidentiality, integrity, and availability. No known public exploits have been reported yet, but the vulnerability's nature and impact make it a critical risk for affected WordPress sites using this theme. Since the theme is designed for job board functionality, it is likely deployed on websites handling user registrations, job postings, and potentially sensitive personal data, increasing the risk profile.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for businesses and platforms operating job boards or recruitment services using the Nokri theme. Successful exploitation leads to full administrative account takeover, allowing attackers to manipulate site content, steal or alter sensitive user data, inject malicious code, or disrupt service availability. This can result in data breaches involving personal data protected under GDPR, leading to regulatory fines and reputational damage. The ability to escalate privileges from a low-level subscriber account means that even minimally privileged users or compromised accounts can be leveraged to gain full control. This threat is particularly concerning for organizations relying on WordPress-based job portals, recruitment agencies, and HR departments across Europe. Additionally, the compromise of administrator accounts can facilitate further lateral movement within the hosting environment or connected systems, amplifying the impact. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score underscores the urgency of patching or applying mitigations.
Mitigation Recommendations
1. Immediate upgrade: Organizations should update the Nokri theme to a patched version once available from the vendor. Since no patch links are provided yet, monitoring the vendor's official channels for updates is critical.
2. Access control review: Restrict Subscriber-level user registrations and monitor for suspicious account creation or privilege escalations.
3. Implement multi-factor authentication (MFA) for all administrator accounts to reduce the risk of account takeover even if email addresses are changed.
4. Monitor logs for unusual email change requests or password reset activities, especially those initiated by lower-privileged users.
5. Temporarily disable or restrict the email update functionality in the theme via custom code or plugins if feasible, until a patch is released.
6. Harden WordPress security by limiting plugin/theme installations to trusted sources and conducting regular security audits.
7. Employ web application firewalls (WAFs) with rules to detect and block suspicious requests targeting user account modifications.
8. Educate administrators and users about phishing and social engineering risks that could compound the vulnerability exploitation.

These measures go beyond generic advice by focusing on the specific attack vector (email change leading to password reset) and the privilege escalation path unique to this theme.
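One way to apply recommendations 4 and 5 until a fixed theme version is installed, as an added example that is not code from the theme or its vendor: a must-use plugin that keeps the stored email address whenever the requester is neither the account owner nor allowed to edit that user, and logs the attempt. It assumes the theme's profile update passes through WordPress's `wp_update_user()`/`wp_insert_user()`; the file name and the function name `guard_email_change` are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard user email changes (added example)
 *
 * Stopgap for CVE-2025-1313. ASSUMPTION: the theme's profile update reaches
 * wp_update_user()/wp_insert_user(); a direct database write would bypass this.
 * Install as wp-content/mu-plugins/guard-email-change.php (hypothetical name).
 */
defined( 'ABSPATH' ) || exit;

add_filter( 'wp_pre_insert_user_data', 'guard_email_change', 10, 3 );

/**
 * Keep the stored email unless the requester owns the account or may edit it.
 */
function guard_email_change( $data, $update, $user_id ) {
    if ( ! $update || ! $user_id || ! isset( $data['user_email'] ) ) {
        return $data; // New registrations and updates without an email field.
    }
    if ( defined( 'WP_CLI' ) && WP_CLI ) {
        return $data; // Command-line maintenance by a server operator.
    }

    $target = get_userdata( $user_id );
    if ( ! $target || 0 === strcasecmp( $target->user_email, $data['user_email'] ) ) {
        return $data; // The email address is not being changed.
    }

    $actor_id = get_current_user_id();
    if ( $actor_id === (int) $user_id || current_user_can( 'edit_user', $user_id ) ) {
        return $data; // Account owner, or a role allowed to edit this account.
    }

    // Record the attempt for log monitoring, without writing the addresses themselves.
    error_log( sprintf(
        'guard_email_change: blocked email change for user %d requested by user %d from %s',
        $user_id,
        $actor_id,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    $data['user_email'] = $target->user_email; // Keep the stored address.
    return $data;
}
```

The `guard_email_change:` prefix gives log monitoring a fixed string to alert on; a blocked attempt followed by a password reset request for the same user ID is the sequence this advisory describes.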
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-02-14T21:17:16.579Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6871f69ea83201eaacb31093
Added to database: 7/12/2025, 5:46:06 AM
Last enriched: 7/12/2025, 6:01:11 AM
Last updated: 7/12/2025, 11:59:12 AM