WordPress Plugin Vulnerabilities

Upload Resume <= 1.2.0 - Captcha Bypass

Description

The plugin does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

Proof of Concept

Affects Plugins

Plugin icon
resume-upload-form
No known fix

References

CVE
CVE-2023-2751
YouTube Video

Miscellaneous

Original Researcher
Yakshita Sharma
Submitter
Yakshita Sharma
Submitter twitter
hAck3rio
Verified
Yes
WPVDB ID
1b0fe0ac-d0d1-473d-af5b-dad6217933d4

Timeline

Publicly Published
2023-05-24 (about 2 years ago)
Added
2023-05-24 (about 2 years ago)
Last Updated
2023-05-24 (about 2 years ago)

Other

Published
Title
Published
2024-08-30
Title
WP Cerber Security < 9.5 - IP Protection Bypass
Published
2017-03-17
Title
Invite Anyone <= 1.3.14 - Change of Email Invitation Content
Published
2022-11-09
Title
Better Messages < 1.9.10.71 - Subscriber+ Messaging Block Bypass
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Subscriber Information Disclosure
Published
2015-02-03
Title
UpdraftPlus <= 1.9.50 - Privilege Escalation via Nonce Leakage