CVE-2022-4061

EUVD-2022-51438
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
ultimatememberjobboardwp
𝑥
< 1.2.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665