← back
CVE-2020-35749

CVE-2020-35749

EPSS 30.5%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (6 stars) — exploitation code widely available.
CVSS EPSS 30.5%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
15 Jan 2021Published on NVD
21 Jan 2021Public PoC
Weaponization speed
5 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.