Shahinurislam Career Section vulnerabilities
2 known vulnerabilities affecting shahinurislam/career_section.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-6271P2CRITICALCVSS 9.8≤ 1.72026-05-14
CVE-2026-6271 [CRITICAL] CWE-434 CVE-2026-6271: The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.
nvd
CVE-2025-14868P3HIGHCVSS 8.8≤ 1.62026-04-16
CVE-2025-14868 [HIGH] CWE-22 CVE-2025-14868: The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path
The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform_options_page_html' function. This makes it possible for una
nvd