CVE-2022-4061

2022-12-1914:15:12

[email protected]

web.nvd.nist.gov

cve-2022-4061

jobboardwp

wordpress

plugin

file upload

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Affected configurations

Vulners

NVD

Node

ultimatememberjobboardwpRange<1.2.2

VendorProductVersionCPE
ultimatememberjobboardwp*cpe:2.3:a:ultimatemember:jobboardwp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ultimatemember	jobboardwp	*	cpe:2.3:a:ultimatemember:jobboardwp::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "JobBoardWP",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]