CVE-2020-35749
CVE-2020-35749
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (6 stars) — exploitation code widely available.
CVSS —EPSS 30.5%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
15 Jan 2021Published on NVD
21 Jan 2021Public PoC
Weaponization speed
5 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/M4xSec/Wordpress-CVE-2020-35749★ 6cve_referencepacketstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.htmlunverifiedcve_referencepacketstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Local-File-Inclusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49450unverifiedexploitdbwww.exploit-db.com/exploits/50721unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.