Vulnerability
Upload Resume <= 1.2.0 – Captcha Bypass
Description
The plugin does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
CVE-ID
CVE-2023-2751
Vendor
mbbhatti
Product
Upload Resume
Disclosure Timeline
Reported On: 17-03-23
Made Public On: 24-05-23
Fixed On: 18-04-23
Credits
Yakshita Sharma