WordPress · Upload Resume Wordpress Plugin · CVE-2023-2751
**Name of the Vulnerable Software and Affected Versions**
Upload Resume WordPress plugin versions 1.2.0 and earlier
**Description**
The issue allows unauthenticated visitors to upload arbitrary media files to the site due to a lack of validation of the `captcha` parameter when uploading a resume via the `resume upload form` shortcode.
**Recommendations**
For Upload Resume WordPress plugin versions 1.2.0 and earlier, as a temporary workaround, consider disabling the `resume upload form` shortcode until a patch is available.
Restrict access to the media upload functionality to minimize the risk of exploitation.
Avoid using the `captcha` parameter in the affected shortcode until the issue is resolved.