← back
CVE-2022-4061

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

CVSS 7.5 HIGHEPSS 1.4%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
Unknown · JobBoardWP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665