CVE-2024-43243

Critical

Published: 07 January 2025

Published

07 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0089 75.6th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through <= 1.2.6.

Security Summary

CVE-2024-43243 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in the WordPress plugin JobBoard Job listing, also known as job-board-light, developed by themeglow. The flaw allows attackers to upload web shells to the web server and affects all versions from n/a through 1.2.6.

With a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), the vulnerability is exploitable over the network by unauthenticated attackers requiring low complexity and no user interaction. Successful exploitation enables remote attackers to upload malicious files like web shells, resulting in high impacts to confidentiality, integrity, and availability, with a change in scope that amplifies the compromise to the server environment.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-1-2-6-arbitrary-file-upload-vulnerability?_s_id=cve documents this arbitrary file upload vulnerability in version 1.2.6, providing details for security practitioners to assess and address exposure in affected WordPress installations.

Details

CWE(s): CWE-434

References

https://patchstack.com/database/Wordpress/Plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-1-2-6-arbitrary-file-upload-vulnerability?_s_id=cve
audit@patchstack.com