Career Section

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.

AI Analysis

Arbitrary File Upload vulnerability in Career Section plugin for WordPress due to missing file type validation, allowing unauthenticated attackers to upload executable files and enabling remote code execution.

Basic Information

ID CVE-2026-6271

Source Wordfence

Published May 14, 2026 at 06:44

Affected Product

Vendor shahinurislam

Product Career Section

Affected Versions shahinurislam Career Section 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor shahinurislam

Product Career Section

Version 1.7 and below

References

{
    "lastseen": "",
    "description": "The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.",
    "published": "2026-05-14T06:44:08.899Z",
    "modified": "2026-05-14T06:44:08.899Z",
    "type": "cve",
    "title": "Career Section <= 1.7 -  Unauthenticated Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005d1abc-761d-4f9a-bc21-aad63e8efd66?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3507917/career-section\nhttps://plugins.trac.wordpress.org/changeset/3507912/career-section\nhttps://plugins.trac.wordpress.org/changeset/3507785/career-section",
    "id": "CVE-2026-6271",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "shahinurislam Career Section 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Career Section",
    "version": "0",
    "vendor": "shahinurislam",
    "ai_description": "Arbitrary File Upload vulnerability in Career Section plugin for WordPress due to missing file type validation, allowing unauthenticated attackers to upload executable files and enabling remote code execution.",
    "ai_severity": "Critical",
    "ai_vendor": "shahinurislam",
    "ai_product": "Career Section",
    "ai_version": "1.7 and below",
    "ai_score": 9.8
}

Career Section <= 1.7 - Unauthenticated Arbitrary File Upload_CVE-2026-6271