WordPress Plugin Vulnerabilities

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

Description

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Proof of Concept

Affects Plugins

Plugin icon
jobboardwp
Fixed in 1.2.2

References

CVE
CVE-2022-4061

Miscellaneous

Original Researcher
cydave
Submitter
cydave
Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified
Yes
WPVDB ID
fec68e6e-f612-43c8-8301-80f7ae3be665

Timeline

Publicly Published
2022-11-28 (about 3 years ago)
Added
2022-11-28 (about 3 years ago)
Last Updated
2022-12-08 (about 3 years ago)

Other

Published
Title
Published
2025-12-09
Title
Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2014-08-01
Title
Ray of Light - Remote File Upload
Published
2023-12-27
Title
JVM rich text icons < 1.2.4 - Subscriber+ Arbitrary File Upload
Published
2014-09-17
Title
Slideshow Gallery < 1.4.7 - Arbitrary File Upload
Published
2025-05-16
Title
STAGGS < 2.12.0 - Unauthenticated Arbitrary File Upload