CVE-2023-2751: Upload Resume <= 1.2.0 - Captcha Bypass

0.0 CVSS

Description

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

Classification

CVE ID: CVE-2023-2751

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: Upload Resume

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 37.68% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wpscan.com/vulnerability/1b0fe0ac-d0d1-473d-af5b-dad6217933d4

Timeline

2024-12-12 00:30:34 UTC
CVE

Upload Resume <= 1.2.0 - Captcha Bypass