Unauthenticated File Upload Vulnerability in JobSearch WP Job Board Plugin Could Lead to Remote Code Execution
CVE-2024-8615

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Jobsearch WP Job Board
Vendor: CVE Published:; 6 November 2024

Summary

The JobSearch WP Job Board plugin for WordPress features a vulnerability that permits unauthenticated attackers to upload arbitrary files to the server. This issue arises from a lack of proper file type validation in the jobsearch_location_load_excel_file_callback() function. All versions of the plugin up to and including 2.6.7 are affected, enabling potential exploitation that could lead to remote code execution on the affected site's infrastructure.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/jobsearch-wp-job-board-wordpr...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2024