Critical arbitrary file upload vulnerability in WordPress Job Board and Recruitment Plugin

An arbitrary file upload vulnerability has been identified in the WordPress Job Board and Recruitment Plugin – JobWP plugin. The Arbitrary File Upload vulnerability was discovered and responsibly reported by MyungJu Kim.

The vulnerability is an arbitrary file upload vulnerability that occurs in the jobwp-admin/upload.php file. The vulnerability allows an attacker to upload any type of file to the affected website by sending a specially crafted request. The malicious file will then be stored on the affected website and can be accessed by the attacker.

Severity

The vulnerability has a CVSS 3.1 score of 10.0, which is considered to be critical. This means that the vulnerability is very likely to be exploited and could have a significant impact on the affected system.

Affected Versions

The vulnerability affects JobWP plugin versions prior to 2.1.

Impact

An attacker who successfully exploits this vulnerability could upload any type of file to the affected website. This could include malicious files such as backdoors or malware. These files could then be used to gain unauthorized access to the affected website, steal sensitive data, or disrupt the website’s operation.

Recommendation

To enhance WordPress security and protect websites from this critical vulnerability, website owners are strongly advised to take the following actions:

Update to the Latest Version: Update the WordPress Job Board and Recruitment Plugin – JobWP to version 2.1 or higher without delay. The latest version contains essential patches to eliminate the Arbitrary File Upload vulnerability and bolster overall plugin security.
Regular Security Audits: Conduct periodic security audits of the WordPress website to identify and address potential vulnerabilities proactively.
Stay Informed: Continuously monitor official updates and announcements regarding the Job Board and Recruitment Plugin – JobWP to be informed about any potential fixes or patches.
Consider Security Assistance: Consult with WordPress security experts or developers to assess the potential impact on your website and implement additional security measures if necessary.

Critical arbitrary file upload vulnerability in WordPress Job Board and Recruitment Plugin

Severity

Affected Versions

Impact

Recommendation

Related Articles

Critical BAC vulnerability in WordPress InstaWP Connect Plugin

Privilege Escalation vulnerability in WordPress BAN Users Plugin

Cross-Site Scripting (XSS) vulnerability in WordPress Simple Membership Plugin

Arbitrary File Deletion vulnerability in WordPress ChatBot Plugin

Addressing High-Severity XSS Vulnerability in WordPress Authors List Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin