CVE-2023-6585

7.5 HIGH

📋 TL;DR

The WP JobSearch WordPress plugin before version 2.3.4 lacks file upload validation, allowing unauthenticated attackers to upload arbitrary files (including PHP files) to the server. This affects all WordPress sites running vulnerable versions of the WP JobSearch plugin.

💻 Affected Systems

Products:
  • WP JobSearch WordPress Plugin
Versions: All versions before 2.3.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires plugin to be installed and active on WordPress site.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server compromise, data theft, malware distribution, or website defacement.

🟠 Likely Case

Attackers upload web shells to gain persistent access, install backdoors, or deploy ransomware.

🟢 If Mitigated

Limited impact if file uploads are restricted at web server level or security plugins block malicious uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with malicious file upload, no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.4

Vendor Advisory: https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WP JobSearch plugin.
4. Click 'Update Now' if an update is available.
5. If a manual update is needed, download version 2.3.4+ from the WordPress repository and replace the plugin files via FTP/SFTP.

🔧 Temporary Workarounds

Disable plugin
Platform: all

Temporarily deactivate the WP JobSearch plugin until it is patched.

wp plugin deactivate wp-jobsearch

Restrict file uploads via .htaccess
Platform: linux

Block access to PHP files in the WordPress uploads directory so that an uploaded script cannot be executed (Apache only; place the rule in wp-content/uploads/.htaccess with .htaccess overrides enabled).

<FilesMatch "\.(php|php5|php7|phtml|phar)$">
    # Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead of the two lines below
    Order Allow,Deny
    Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file upload patterns.
  • Restrict file permissions on uploads directory to prevent execution.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in the WordPress admin under Plugins > Installed Plugins. If the WP JobSearch version is below 2.3.4, the site is vulnerable.

Check Version:

wp plugin get wp-jobsearch --field=version

Verify Fix Applied:

Confirm plugin version is 2.3.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/jobsearch-locations/ or similar plugin directories
  • POST requests to plugin-specific upload endpoints from unauthenticated users

Network Indicators:

  • HTTP POST requests with file uploads to jobsearch plugin paths without authentication headers

SIEM Query:

source="web_logs" AND http_method="POST" AND (uri_path CONTAINS "/wp-content/plugins/wp-jobsearch/" OR uri_path CONTAINS "jobsearch") AND (user_agent CONTAINS "curl" OR user_agent CONTAINS "wget" OR user_agent="-")

The query is written in generic SIEM pseudo-syntax; adapt the field names and CONTAINS operator to your platform. The user-agent clause only trims noise from scripted tools and is trivially changed by an attacker, so also review POSTs to the plugin path regardless of user agent and any request for a .php file under /wp-content/uploads/.
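An added example, not taken from the advisory or the plugin, that applies the log indicators above to constructed sample lines in Apache/nginx combined log format: it flags direct POSTs to the plugin path and PHP files requested from the uploads directory, then escalates client IPs that did both. The log lines and the plugin endpoint filename are constructed; the uploads subdirectory is the one named above.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined format), not from a real incident; the
# plugin endpoint path is hypothetical, the uploads directory is the one the advisory names.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:10:01:09 +0000] "POST /wp-content/plugins/wp-jobsearch/upload-endpoint.php HTTP/1.1" 200 87 "-" "curl/8.4.0"
203.0.113.10 - - [10/Jan/2024:10:01:15 +0000] "GET /wp-content/uploads/jobsearch-locations/x.php HTTP/1.1" 200 13 "-" "curl/8.4.0"
198.51.100.7 - - [10/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 300 "https://example.test/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:02:05 +0000] "GET /wp-content/uploads/2024/01/cv.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
PLUGIN_PREFIX = "/wp-content/plugins/wp-jobsearch/"
UPLOADS_PREFIX = "/wp-content/uploads/"
# Same executable extensions the .htaccess workaround above blocks.
PHP_EXT_RE = re.compile(r"\.(php|php5|php7|phtml|phar)(\?.*)?$", re.IGNORECASE)

def classify(entry):
    """Return the indicator names that one parsed log entry triggers."""
    hits = []
    if entry["method"] == "POST" and entry["path"].startswith(PLUGIN_PREFIX):
        hits.append("post_to_plugin_endpoint")  # direct POST to a plugin file, not admin-ajax
    if entry["path"].startswith(UPLOADS_PREFIX) and PHP_EXT_RE.search(entry["path"]):
        # A PHP file under uploads should never be requested; a 200 means it was served/executed.
        hits.append("php_under_uploads_served" if entry["status"] == "200" else "php_under_uploads_requested")
    return hits

def analyze(log_text):
    """Parse combined-format lines and group (path, indicator) pairs per client IP."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting on a real log file
        for hit in classify(m.groupdict()):
            per_ip[m["ip"]].append((m["path"], hit))
    return dict(per_ip)

def escalate(per_ip):
    """IPs that POSTed to the plugin and then had PHP served from uploads: probable web shell."""
    out = []
    for ip, hits in per_ip.items():
        kinds = {h for _, h in hits}
        if "post_to_plugin_endpoint" in kinds and "php_under_uploads_served" in kinds:
            out.append(ip)
    return sorted(out)
```

Run `escalate(analyze(open("access.log").read()))` against a real log to get the IPs worth a closer look; the WAF-blocked (403) variant of the upload request still shows up as `post_to_plugin_endpoint`.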
