PT-2026-40890 · WordPress · Career Section

Paolo Tresso

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-6271

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Career Section versions prior to 1.8
Description The Career Section plugin for WordPress allows unauthenticated attackers to perform arbitrary file uploads through the CV upload handler. This issue stems from a lack of file type validation, enabling the upload of executable files that can lead to remote code execution.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6271

Affected Products

Career Section