CVE-2026-6271
Published 2026-05-14
Priority P270 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.66% (47.1th percentile)
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shahinurislam | career_section | <= 1.7 | — |
GHSA
GHSA-7fx9-263h-9gmp
ghsa_unreviewed · 2026-05-14
CVE-2026-6271 [CRITICAL] CWE-434
Citrix
Citrix Security Bulletin CTX200223
vendor_citrix · CVSS 9.8
CVE-2014-6271 [CRITICAL]
CVE References: CVE-2014-6271, CVE-2014-7169, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/3507785/career-section
https://plugins.trac.wordpress.org/changeset/3507912/career-section
https://plugins.trac.wordpress.org/changeset/3507917/career-section
https://www.wordfence.com/threat-intel/vulnerabilities/id/005d1abc-761d-4f9a-bc21-aad63e8efd66?source=cve