nootheme — Vulnerabilities & Security Advisories 31

Browse all 31 CVE security advisories affecting nootheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products nootheme:Jobmonster CitiLights Organici Library Jobica Core Noo Timetable Yogi - Health Beauty & Yoga WeMusic Visionary Core Job Listings Yogi Realty Portal – Agent Realty Portal Jobmonster Elementor Addon

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-27049	WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability — Jobica CoreCWE-288	9.8	Critical	2026-03-25
CVE-2026-25340	WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability — JobmonsterCWE-89	9.3	Critical	2026-03-25
CVE-2026-24981	WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability — Visionary CoreCWE-502	8.8	High	2026-03-25
CVE-2026-24980	WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability — Visionary CoreCWE-79	7.1	High	2026-03-25
CVE-2026-24977	WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability — Organici LibraryCWE-89	8.5	High	2026-03-25
CVE-2026-24975	WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Organici LibraryCWE-79	7.1	High	2026-03-25
CVE-2026-24978	WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability — Jobica CoreCWE-502	8.8	High	2026-03-25
CVE-2026-24979	WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Jobica CoreCWE-79	7.1	High	2026-03-25
CVE-2026-24976	WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability — Organici LibraryCWE-502	8.8	High	2026-03-25
CVE-2026-24973	WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability — CitiLightsCWE-79	7.1	High	2026-03-25
CVE-2026-24974	WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability — CitiLightsCWE-502	8.8	High	2026-03-25
CVE-2026-25367	WordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerability — CitiLightsCWE-862	8.2^AI	High^AI	2026-02-19
CVE-2025-67524	WordPress Jobmonster Elementor Addon plugin <= 1.1.4 - Local File Inclusion vulnerability — Jobmonster Elementor AddonCWE-98	7.5	High	2025-12-09
CVE-2025-67522	WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability — JobmonsterCWE-98	7.5	High	2025-12-09
CVE-2025-11985	Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Realty PortalCWE-862	8.8	High	2025-11-21
CVE-2025-54737	WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability — JobmonsterCWE-79	6.1	-	2025-11-06
CVE-2025-54719	WordPress Yogi - Health Beauty & Yoga Theme <= 2.9.2 - Deserialization of untrusted data Vulnerability — Yogi - Health Beauty & YogaCWE-502	9.8	-	2025-11-06
CVE-2025-54718	WordPress Yogi - Health Beauty & Yoga theme <= 2.9.2 - Cross Site Scripting (XSS) vulnerability — Yogi - Health Beauty & YogaCWE-79	6.1	-	2025-11-06
CVE-2025-53586	WordPress WeMusic Theme <= 1.9.1 - PHP Object Injection Vulnerability — WeMusicCWE-502	8.8	High	2025-11-06
CVE-2025-53585	WordPress WeMusic theme <= 1.9.1 - Cross Site Scripting (XSS) vulnerability — WeMusicCWE-79	7.1	High	2025-11-06
CVE-2025-54738	WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability — JobmonsterCWE-288	9.8	Critical	2025-08-28
CVE-2025-57888	WordPress Jobmonster Theme <= 4.8.0 - Sensitive Data Exposure Vulnerability — JobmonsterCWE-497	5.3	Medium	2025-08-22
CVE-2025-57887	WordPress Jobmonster Theme <= 4.8.0 - Cross Site Scripting (XSS) Vulnerability — JobmonsterCWE-79	6.5	Medium	2025-08-22
CVE-2025-53201	WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability — JobmonsterCWE-79	7.1	High	2025-08-20
CVE-2025-6190	Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function — Realty Portal – AgentCWE-862	8.8	High	2025-07-23
CVE-2025-24779	WordPress Yogi theme < 2.9.3 - PHP Object Injection Vulnerability — YogiCWE-502	8.8	High	2025-07-16
CVE-2025-3918	Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function — Job ListingsCWE-285	9.8	Critical	2025-05-03
CVE-2024-37928	WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Arbitrary File Deletion vulnerability — JobmonsterCWE-22	8.6	High	2024-07-12
CVE-2024-37927	WordPress Jobmonster theme <= 4.7.5 - Unauthenticated Privilege Escalation vulnerability — JobmonsterCWE-266	8.8^AI	High^AI	2024-07-12
CVE-2022-45821	WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS) — Noo TimetableCWE-79	6.5	Medium	2023-08-08

This page lists every published CVE security advisory associated with nootheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

nootheme — Vulnerabilities & Security Advisories 31