CVE-2022-4061

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
ultimatememberjobboardwp
𝑥
< 1.2.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665