An arbitrary file upload vulnerability has been identified in the WordPress Job Board and Recruitment Plugin – JobWP. It was discovered and responsibly reported by MyungJu Kim.
The flaw is in the plugin's jobwp-admin/upload.php file. By sending a specially crafted request, an attacker can upload any type of file to the affected website. The uploaded file is then stored on the website, where the attacker can access it.
The vulnerability has a CVSS 3.1 score of 10.0, which is considered to be critical. This means that the vulnerability is very likely to be exploited and could have a significant impact on the affected system.
The vulnerability affects JobWP plugin versions prior to 2.1.
An attacker who successfully exploits this vulnerability could upload any type of file to the affected website. This could include malicious files such as backdoors or malware. These files could then be used to gain unauthorized access to the affected website, steal sensitive data, or disrupt the website’s operation.
To enhance WordPress security and protect websites from this critical vulnerability, website owners are strongly advised to take the following actions:
- Update to the Latest Version: Update the WordPress Job Board and Recruitment Plugin – JobWP to version 2.1 or higher without delay. The latest version contains essential patches to eliminate the Arbitrary File Upload vulnerability and bolster overall plugin security.
- Regular Security Audits: Conduct periodic security audits of the WordPress website to identify and address potential vulnerabilities proactively.
- Stay Informed: Continuously monitor official updates and announcements regarding the Job Board and Recruitment Plugin – JobWP to be informed about any potential fixes or patches.
- Consider Security Assistance: Consult with WordPress security experts or developers to assess the potential impact on your website and implement additional security measures if necessary.
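
As a starting point for the update and audit steps above, the following added example (not part of the advisory or of the plugin) reads the installed plugin's header version, compares it with the fixed release 2.1, and lists files with script extensions under an uploads directory. The plugin directory `wp-content/plugins/jobwp`, the main file name `jobwp.php`, the `wp-content/uploads` location and the extension list are assumptions; the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 1)  # first fixed JobWP release according to the advisory
# Extensions commonly executed by PHP-enabled servers (assumed list; match it to your handler config).
SCRIPT_EXT = {".php", ".phtml", ".phar", ".php5", ".php7"}

def parse_version(header):
    """Extract 'Version: x.y.z' from a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def installed_version(plugin_dir):
    """Find the top-level file carrying the plugin header (WordPress reads only its first 8 KB)."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        if re.search(r"Plugin Name:", head, re.I):
            return parse_version(head)
    return None

def is_vulnerable(version):
    """True for versions prior to 2.1; an unreadable version is treated as vulnerable."""
    if version is None:
        return True
    padded = version + (0,) * (len(FIXED) - len(version))  # so (2,) compares as (2, 0)
    return padded < FIXED

def script_files(root):
    """Files under root with a script extension anywhere in the name (shell.php.jpg is flagged)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and SCRIPT_EXT & {s.lower() for s in p.suffixes})

if __name__ == "__main__":
    # Constructed sample tree standing in for a real site.
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        plugin = site / "wp-content/plugins/jobwp"       # assumed plugin directory
        uploads = site / "wp-content/uploads/2023/07"    # assumed uploads location
        plugin.mkdir(parents=True)
        uploads.mkdir(parents=True)
        (plugin / "jobwp.php").write_text("<?php\n/*\n * Plugin Name: JobWP\n * Version: 2.0\n */\n")
        (uploads / "cv.pdf").write_text("constructed")
        (uploads / "avatar.PHP").write_text("constructed")
        v = installed_version(plugin)
        print("version:", v, "vulnerable:", is_vulnerable(v))
        for hit in script_files(site / "wp-content/uploads"):
            print("review:", hit.relative_to(site))
```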