CVE-2022-4061

High

7.5/10

Summary

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Dec 19, 2022

CVE-2022-4061

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS