CNNVD-202507-2855 Information

CNNVD ID

CNNVD-202507-2855

Related CVE

CVE-2025-6585

• CNNVD Published: 2025-07-22

Description (Chinese)

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WP JobHunt 7.2及之前版本存在输入验证错误漏洞，该漏洞源于cs_remove_profile_callback函数缺少用户控制键验证，可能导致不安全的直接对象引用。

Description (English)

WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform supports the installation of personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. WordPresin WP JobHunt 7.2 and previous versions have input authentication bugs that stem from the lack of user control keys for the cs remove profile callback function, which may lead to unsafe direct object references.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

WordPress

Published

2025-07-22

Last Modified

2026-02-24

References

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve https://access.redhat.com/security/cve/cve-2025-6585 https://nvd.nist.gov/vuln/detail/CVE-2025-6585