Primary

Context

NotFound WPJobBoard Plugin Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

Patched

A Cross-Site Request Forgery (CSRF) vulnerability exists in the NotFound WPJobBoard plugin for WordPress, affecting versions prior to 5.11.1. This vulnerability allows attackers to trick users with higher privileges into performing actions that could lead to the upload of a web shell on the server, potentially allowing for remote code execution.

Impact

Exploitation of this vulnerability could enable remote code execution on the affected server.

Remediation

Users of the NotFound WPJobBoard plugin should update to version 5.11.1 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NotFound WPJobBoard Plugin Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

Impact

Remediation

Affected Products

NotFound WPJobBoard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating