A critical Arbitrary File Upload vulnerability has been uncovered in the widely-used WordPress Job Board and Recruitment Plugin – JobWP Plugin. This vulnerability poses a significant risk to the website’s integrity, potentially enabling malicious actors to upload and execute harmful files, leading to unauthorized access and control.
The Arbitrary File Upload vulnerability was discovered and responsibly reported by MyungJu Kim. The vulnerability is an arbitrary file upload vulnerability that occurs in the jobwp-admin/upload.php file. The vulnerability allows an attacker to upload any type of file to the affected website by sending a specially crafted request. The malicious file will then be stored on the affected website and can be accessed by the attacker.
With a CVSS 3.1 score of 10.0, the Arbitrary File Upload vulnerability in the WordPress Job Board and Recruitment Plugin – JobWP Plugin is classified as critical.
The vulnerability affects WordPress Job Board and Recruitment Plugin – JobWP Plugin versions up to and including version 2.0.
Exploiting this Arbitrary File Upload vulnerability grants unauthorized users the ability to upload and execute malicious files on the affected website. This could lead to data breaches, unauthorized access to sensitive settings, installation of malware, and complete website compromise.
To enhance WordPress security and protect websites from this critical vulnerability, website owners are strongly advised to take the following actions:
- Update Immediately: Update the WordPress Job Board and Recruitment Plugin – JobWP Plugin to version 2.1 or higher without delay. This updated version contains the necessary patch to address the Arbitrary File Upload vulnerability and enhance overall plugin security.
- Regular Security Audits: Conduct periodic security audits of the WordPress website to identify and address potential vulnerabilities proactively.
- Stay Informed: Monitor official updates and announcements regarding the WordPress Job Board and Recruitment Plugin – JobWP Plugin to be informed about any potential fixes or patches.
- Consider Alternatives: If the plugin is not actively maintained consider using alternative plugins that provide similar functionality while ensuring they have a strong security track record and regular updates.