CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-29384

CVSS 10.0v3.1pub. 2023-12-20upd. 2026-04-28

Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-434 consists of the lack of proper validation and restrictions on the types of uploaded files. An unauthenticated attacker can remotely upload an executable file (e.g., PHP webshell) to the WordPress server. Once the malicious file is placed, it is possible to execute it directly in the context of the web server, which leads to full takeover of control over the application and system.

Impact

An attacker can gain full control over the server, including reading and modifying sensitive data, installing backdoors, and the ability to perform further lateral movement within the infrastructure. The scope of compromise includes confidentiality, integrity, and availability of the system to a critical degree.

Mitigation & patch

The JobWP plugin should be immediately updated to a version higher than 2.0 through the WordPress admin panel or apply patches available from the vendor according to references published by Patchstack. Until the update is applied, consider disabling the plugin.

Who is affected

WordPress Job Board and Recruitment Plugin – JobWP in versions from the beginning of the plugin's existence through version 2.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Hmplugin Jobwp

    APP
    Hmplugin
    ≤ 2.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-48288HIGH7.5ten sam produkt

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and ...

CVE-2021-24602HIGH8.8ten sam vendor

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege us...

CVE-2024-50459MEDIUM5.3ten sam vendor

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly C...

CVE-2023-23705MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.

CVE-2022-47422MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 ve...