The plugin does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
The PoC will be displayed once the issue has been remediated
CPE | Name | Operator | Version |
---|---|---|---|
resume-upload-form | eq | * |