CVE-2024-8615

Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to, and including, 2.6.7

Description: The issue is related to arbitrary file uploads due to missing file type validation in the jobsearch location load excel file callback() function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations: For versions up to, and including, 2.6.7, update to version 2.6.8 as soon as possible to resolve the issue. As a temporary workaround, consider disabling the jobsearch location load excel file callback() function until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved.