WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload
CVE-2023-29384

10CRITICAL

Key Information:

Vendor: Wordpress
Status: WordPress Job Board And Recruitment Plugin – JobWP
Vendor: CVE Published:; 20 December 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An unrestricted file upload vulnerability exists in the HM Plugin WordPress Job Board and Recruitment Plugin – JobWP, allowing attackers to upload potentially harmful files without proper validation. This can lead to severe consequences, such as remote code execution or data compromise. Affected versions are JobWP plugin version 2.0 and earlier, which do not adequately restrict file types for uploads, making it imperative for users to update to secure their installations.

Affected Version(s)

WordPress Job Board and Recruitment Plugin – JobWP <= 2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-29384
Created by nastar-id

References

https://patchstack.com/database/vulnerability/jobwp/wordp...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Aug 20, 2024
👾
Exploit known to exist
Aug 20, 2024
Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Apr 5, 2023

Credit

MyungJu Kim (Patchstack Alliance)