ThreatPress

WordPress Vulnerabilities Database

WordPress Resume Submissions & Job Postings Plugin - Unrestricted File Upload

Product
Resume Submissions & Job Postings
Description
The Resume Submissions & Job Postings plugin is prone to an unrestricted file upload vulnerability. This causes several problems: an uploaded file can be accessed directly by anyone who understands how the plugin renames files. When rewriting file names, the plugin creates an MD5 hash of the server date and time and appends the number of the upload and a hyphen.
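
The renaming weakness described above next to a hardened alternative, as an added PHP example that is not the plugin's own code. The `Y-m-d H:i:s` date format, the original file name following the hyphen, the function names and the extension allowlist are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Model of the naming scheme in the description (NOT the plugin's code):
// MD5 of the server date and time, then the upload number and a hyphen.
// Assumptions: the 'Y-m-d H:i:s' format and the original name after the hyphen.
function weak_stored_name(int $timestamp, int $uploadNumber, string $original): string
{
    return md5(date('Y-m-d H:i:s', $timestamp)) . $uploadNumber . '-' . $original;
}

// Hypothetical allowlist for a resume upload form.
const ALLOWED_EXTENSIONS = ['pdf', 'doc', 'docx', 'txt', 'rtf'];

// Hardened form: returns a stored name, or null when the upload is refused.
function safe_stored_name(string $original): ?string
{
    // Refuse anything that carries a directory component.
    if ($original === '' || basename($original) !== $original) {
        return null;
    }
    // Only allowlisted extensions, compared case-insensitively.
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Refuse double extensions such as "cv.php.pdf".
    if (strpos(pathinfo($original, PATHINFO_FILENAME), '.') !== false) {
        return null;
    }
    // 128 bits from the CSPRNG; nothing client-supplied or time-derived
    // ends up in the stored name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

date_default_timezone_set('UTC');
$t = 1342180800; // constructed timestamp

// Same second and same counter always give the same stored name.
var_dump(weak_stored_name($t, 1, 'cv.pdf') === weak_stored_name($t, 1, 'cv.pdf'));

// Constructed sample names run through the hardened function.
foreach (['cv.pdf', 'cv.PHP', 'cv.php.pdf', '../cv.pdf'] as $name) {
    printf("%-12s => %s\n", $name, safe_stored_name($name) ?? 'rejected');
}
```

Storing accepted files outside the web root, or in a directory where script execution is disabled, complements the naming and extension checks.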
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.5.1
Fixed In 2.5.2
Disclosure date
2012-07-13
Credits
Chris Kellum