The Upload Resume WordPress plugin through 1.2.0 does not...
Moderate severity
Unreviewed
Published
Jun 19, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 19, 2023
Published to the GitHub Advisory Database
Jun 19, 2023
Last updated
Apr 4, 2024
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
References