Unauthenticated File Upload Vulnerability in JobSearch WP Job Board Plugin Could Lead to Remote Code Execution
CVE-2024-8615

10 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 6 November 2024

What is CVE-2024-8615?

The JobSearch WP Job Board plugin for WordPress contains a vulnerability that allows unauthenticated attackers to upload arbitrary files to the server. The issue arises from a lack of proper file type validation in the jobsearch_location_load_excel_file_callback() function. All versions of the plugin up to and including 2.6.7 are affected, and exploitation could lead to remote code execution on the affected site's infrastructure.

Affected Version(s)

JobSearch WP Job Board: all versions up to and including 2.6.7

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
