CVE-2024-8615

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2024

Updated: Nov 8, 2024

CWE ID 434

Summary

CVE-2024-8615 is a vulnerability affecting the JobSearch WP Job Board plugin for WordPress. The issue stems from the lack of file type validation in the jobsearch_location_load_excel_file_callback() function, which is present in all versions up to 2.6.7. This oversight paves the way for unauthenticated attackers to upload arbitrary files on the targeted site's server. The uploaded files may contain malicious code, potentially enabling remote code execution, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yetgEV
https://www.cve.org/CVERecord?id=CVE-2024-8615
https://nvd.nist.gov/vuln/detail/CVE-2024-8615

Back to Vulnerability Database

CVE-2024-8615

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations