Arbitrary File Upload Vulnerability in JobSearch WP Job Board Plugin
CVE-2024-8614

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Jobsearch WP Job Board
Vendor: CVE Published:; 6 November 2024

Summary

The JobSearch WP Job Board plugin for WordPress has a security vulnerability that permits arbitrary file uploads, stemming from insufficient file type validation in the jobsearch_wp_handle_upload() function. This flaw affects all versions up to and including 2.6.7, allowing authenticated users, including those with subscriber-level access and higher, to upload malicious files to the server. This successful exploit could pave the way for potential remote code execution, posing significant risks to the integrity and security of the affected WordPress site.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/jobsearch-wp-job-board-wordpr...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2024