Critical arbitrary file upload vulnerability in WordPress Job Board and Recruitment Plugin

A critical Arbitrary File Upload vulnerability has been uncovered in the widely-used WordPress Job Board and Recruitment Plugin – JobWP Plugin. This vulnerability poses a significant risk to the website’s integrity, potentially enabling malicious actors to upload and execute harmful files, leading to unauthorized access and control.

The Arbitrary File Upload vulnerability was discovered and responsibly reported by MyungJu Kim. The vulnerability is an arbitrary file upload vulnerability that occurs in the jobwp-admin/upload.php file. The vulnerability allows an attacker to upload any type of file to the affected website by sending a specially crafted request. The malicious file will then be stored on the affected website and can be accessed by the attacker.

Severity:

With a CVSS 3.1 score of 10.0, the Arbitrary File Upload vulnerability in the WordPress Job Board and Recruitment Plugin – JobWP Plugin is classified as critical.

Affected Versions:

The vulnerability affects WordPress Job Board and Recruitment Plugin – JobWP Plugin versions up to and including version 2.0.

Impact:

Exploiting this Arbitrary File Upload vulnerability grants unauthorized users the ability to upload and execute malicious files on the affected website. This could lead to data breaches, unauthorized access to sensitive settings, installation of malware, and complete website compromise.

Recommendation:

To enhance WordPress security and protect websites from this critical vulnerability, website owners are strongly advised to take the following actions:

Update Immediately: Update the WordPress Job Board and Recruitment Plugin – JobWP Plugin to version 2.1 or higher without delay. This updated version contains the necessary patch to address the Arbitrary File Upload vulnerability and enhance overall plugin security.
Regular Security Audits: Conduct periodic security audits of the WordPress website to identify and address potential vulnerabilities proactively.
Stay Informed: Monitor official updates and announcements regarding the WordPress Job Board and Recruitment Plugin – JobWP Plugin to be informed about any potential fixes or patches.
Consider Alternatives: If the plugin is not actively maintained consider using alternative plugins that provide similar functionality while ensuring they have a strong security track record and regular updates.

Critical arbitrary file upload vulnerability in WordPress Job Board and Recruitment Plugin – JobWP plugin

Severity:

Affected Versions:

Impact:

Recommendation:

Related Articles

WordPress WP Matterport Shortcode Plugin Cross-Site Scripting (XSS) Vulnerability

Insecure Direct Object References (IDOR) vulnerability in WordPress Simplr Registration Form Plus+ Plugin

Cross-Site Scripting (XSS) vulnerability in WordPress Funnelforms Free Plugin

SQL Injection vulnerability in WordPress ChatBot Plugin

Immediate Action Required for Media from FTP Plugin

Arbitrary File Deletion vulnerability in WordPress WPvivid Backup and Migration Plugin

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin