
CVE-2026-6271: Career Section plugin for WordPress allows attackers to upload malicious files

CVE-2026-6271
Summary

The Career Section plugin for WordPress, in versions up to and including 1.7, allows unauthenticated attackers to upload files that may contain malicious code. An attacker could then execute code on the website, leading to unauthorized access or data loss. To protect your website, update the Career Section plugin to a version higher than 1.7.

Original title
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This...
Original description
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.
NVD CVSS 3.1: 9.8
Vulnerability type
CWE-434 Unrestricted File Upload
Published: 14 May 2026 · Updated: 28 May 2026 · First seen: 14 May 2026