CVE-2025-6585: CWE-20 Improper Input Validation in WP JobHunt

High
Tags: Vulnerability, CVE-2025-6585, CWE-20
Published: Tue Jul 22 2025 (07/22/2025, 04:25:08 UTC)
Source: CVE Database V5
Product: WP JobHunt

Description

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.

AI-Powered Analysis

AI analysis last updated: 07/22/2025, 04:46:10 UTC

Technical Analysis

CVE-2025-6585 is a high-severity vulnerability affecting the WP JobHunt plugin for WordPress, present in all versions up to and including 7.2. The vulnerability arises from improper input validation (CWE-20) in the cs_remove_profile_callback() function, which fails to properly validate a user-controlled key parameter. This flaw leads to an Insecure Direct Object Reference (IDOR) vulnerability, allowing authenticated attackers with as low as Subscriber-level privileges to delete accounts of other users, including administrators. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N). The attack complexity is low (AC:L), and only low privileges (PR:L) are needed, making exploitation feasible for many authenticated users. The impact is significant, with no confidentiality loss but high integrity and availability impact, as attackers can delete user accounts, potentially causing denial of service and privilege escalation by removing admin accounts. No known exploits are currently in the wild, but the vulnerability is publicly disclosed and rated with a CVSS 3.1 score of 8.1, indicating a high risk. The lack of patch links suggests that a fix may not yet be available, increasing the urgency for mitigation. This vulnerability is particularly dangerous because WordPress sites often rely on plugins like WP JobHunt for critical HR and recruitment functions, and the ability to delete admin accounts can lead to complete site takeover or disruption of business operations.

Potential Impact

For European organizations, the impact of CVE-2025-6585 can be severe, especially for those relying on WordPress with the WP JobHunt plugin for recruitment and HR management. The ability for low-privilege users to delete administrator accounts threatens the integrity and availability of the entire website, potentially leading to service outages, loss of critical data, and disruption of recruitment processes. This can result in reputational damage, regulatory non-compliance (especially under GDPR if personal data is affected), and financial losses. Organizations in sectors with high reliance on digital recruitment platforms, such as large enterprises, government agencies, and educational institutions, may face heightened risks. The vulnerability could also be leveraged as a foothold for further attacks, including privilege escalation and lateral movement within the network. Given the plugin’s widespread use in Europe, the threat could affect a broad range of organizations, increasing the risk of coordinated or opportunistic attacks.

Mitigation Recommendations

1. Immediate mitigation should include restricting Subscriber-level user capabilities to the minimum necessary, potentially disabling account deletion features for low-privilege users until a patch is available.
2. Implement strict access controls and monitoring on user management functions within WordPress, including logging and alerting on account deletions or modifications.
3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the cs_remove_profile_callback() function or related endpoints.
4. Regularly audit installed plugins and remove or disable unused or vulnerable plugins like WP JobHunt until patched.
5. Maintain up-to-date backups of WordPress sites and user data to enable rapid recovery in case of account deletion or site compromise.
6. Monitor official WP JobHunt plugin channels and WordPress security advisories for patches or updates addressing this vulnerability and apply them promptly once available.
7. Consider implementing multi-factor authentication (MFA) for all administrative accounts to reduce the risk of account takeover following exploitation.
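To illustrate the flaw class described in the Technical Analysis and the logging called for in mitigation 2, the following is an added example written for this page; it is not WP JobHunt's code and does not reproduce cs_remove_profile_callback(). It shows a hypothetical WordPress AJAX handler with the IDOR pattern (target account taken from the request and never bound to the caller) beside a hardened form, plus a `delete_user` hook that records every deletion. All function and action names prefixed `hypothetical_` are assumptions.

```php
<?php
// Added illustration, not the plugin's own code. Hypothetical names throughout.

// VULNERABLE PATTERN: the account to remove comes from a request parameter and is
// never checked against the logged-in user, so any authenticated user can name
// any account. This is the shape of flaw the advisory describes.
function hypothetical_remove_profile_vulnerable() {
    $user_id = intval( $_POST['user_id'] ?? 0 );   // user-controlled key
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );                     // no nonce, capability or ownership check
    wp_send_json_success();
}

// HARDENED FORM: CSRF nonce, ownership binding, capability check, admin guard.
function hypothetical_remove_profile_hardened() {
    // 1. The request must carry a valid nonce for this specific action.
    check_ajax_referer( 'hypothetical_remove_profile', 'nonce' );

    $requested_id = absint( $_POST['user_id'] ?? 0 );
    $current_id   = get_current_user_id();

    // 2. A user may only remove their own profile unless they hold the
    //    'delete_users' capability (Administrators by default).
    if ( $requested_id !== $current_id && ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );     // wp_send_json_error() terminates
    }

    // 3. This front-end endpoint must never remove an administrator account.
    if ( user_can( $requested_id, 'manage_options' ) ) {
        wp_send_json_error( 'administrator accounts cannot be removed here', 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    if ( ! wp_delete_user( $requested_id ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_hypothetical_remove_profile', 'hypothetical_remove_profile_hardened' );

// DETECTION AID (mitigation 2): log who deleted which account, from where. The
// core 'delete_user' action fires before the row is removed, whatever code path
// triggered it, so it also catches deletions issued through a vulnerable handler.
add_action( 'delete_user', function ( $deleted_id ) {
    error_log( sprintf(
        'wp account deletion: user %d removed by user %d from %s',
        $deleted_id,
        get_current_user_id(),
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ) );
}, 10, 1 );
```

Alert on any log line where the acting user is not an administrator or where the removed account holds `manage_options`, since neither should occur under the hardened handler.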

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-24T20:38:43.158Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687f140aa83201eaac181667

Added to database: 7/22/2025, 4:31:06 AM

Last enriched: 7/22/2025, 4:46:10 AM

Last updated: 7/22/2025, 11:04:06 AM
