PT-2023-21181 · WordPress · Upload Resume Wordpress Plugin

Yakshita Sharma

Publicado

2023-06-19

Atualizado

2024-12-12

CVE-2023-2751

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Upload Resume WordPress plugin versions 1.2.0 and earlier

Description The issue allows unauthenticated visitors to upload arbitrary media files to the site due to a lack of validation of the captcha parameter when uploading a resume via the resume upload form shortcode.

Recommendations For Upload Resume WordPress plugin versions 1.2.0 and earlier, as a temporary workaround, consider disabling the resume upload form shortcode until a patch is available. Restrict access to the media upload functionality to minimize the risk of exploitation. Avoid using the captcha parameter in the affected shortcode until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-2751

Produtos afetados

Upload Resume Wordpress Plugin

PT-2023-21181 · WordPress · Upload Resume Wordpress Plugin

CVE-2023-2751

Identificadores relacionados

Produtos afetados

Referências · 5