CVE-2024-8614

9.9 CRITICAL

📋 TL;DR

The JobSearch WP Job Board WordPress plugin lets any authenticated user with Subscriber-level access or higher upload arbitrary files, because the plugin's upload handler does not validate file types. An attacker who uploads a PHP file into a web-served directory and then requests it gets remote code execution on the affected site. All versions up to and including 2.6.7 are vulnerable; 2.6.8 fixes the issue.

💻 Affected Systems

Products:
  • JobSearch WP Job Board WordPress Plugin
Versions: All versions up to and including 2.6.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated account with at least the Subscriber role. If open registration is enabled (Settings → General → "Anyone can register", with the default new-user role of Subscriber), an attacker can create such an account without any help from the site owner. WordPress multisite installations may also be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain full control of the web server account via remote code execution, leading to data theft, site defacement, malware distribution, lateral movement, or complete system compromise.

🟠 Likely Case: Attackers upload a PHP web shell and execute arbitrary commands as the web server user, then escalate to a WordPress administrator (for example by editing the database or dropping a new admin user) and persist on the host.

🟢 If Mitigated: With execution of PHP blocked in the uploads directory and open registration closed, the attacker can at most store files on the server (disk consumption, hosting of phishing or malware pages) but cannot execute them.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (a Subscriber-level account is required)
Complexity: LOW

Exploitation requires Subscriber-level credentials, which are trivial to obtain on sites with open registration. Attack tools that mass-scan WordPress sites for known plugin vulnerabilities are commonly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.8 or later

Vendor Page (CodeCanyon listing; release notes are in the item's changelog): https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856

Restart Required: No

Instructions:

1. Log into the WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find the JobSearch WP Job Board plugin
4. Click 'Update Now' if an update is offered (CodeCanyon plugins are not distributed via WordPress.org, so updates arrive through the plugin's own licensed updater, not the core plugin repository)
5. If no update is offered, download the latest version (2.6.8 or later) from your CodeCanyon account
6. Upload the new zip via Plugins → Add New → Upload Plugin; WordPress 5.5 and later offers to replace the installed copy, on older versions deactivate and delete the old plugin first, then install and activate the new one
7. Confirm the version shown on the Plugins page is 2.6.8 or higher

🔧 Temporary Workarounds

Disable Plugin (all platforms)

Temporarily disable the vulnerable plugin until patched. The slug below is the one used on this page; confirm the plugin's directory name with `wp plugin list` before running it.

wp plugin deactivate jobsearch-wp-job-board

Restrict File Uploads (Apache on Linux)

Add .htaccess rules to block execution of uploaded files in the uploads directory. This stops the web server from serving or executing PHP under wp-content/uploads/, which is where the plugin stores uploads; it does not stop the upload itself, and it only works if AllowOverride permits .htaccess in that directory. nginx ignores .htaccess entirely, so on nginx an equivalent location rule denying PHP under the uploads path is required instead.

Add to wp-content/uploads/.htaccess (the first block is the Apache 2.4 syntax, the second keeps 2.2 installs covered):

<FilesMatch "\.(php|php3|php5|php7|php8|phtml|phar)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>

🧯 If You Can't Patch

  • Close open registration (Settings → General → uncheck "Anyone can register") and review existing Subscriber accounts; the exploit needs such an account, and core Subscribers do not hold upload_files, so stripping capabilities with a role-editor plugin only helps if the plugin's handler checks one
  • Implement a web application firewall with file upload protection rules (block PHP extensions and PHP content in multipart uploads to admin-ajax.php)

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → JobSearch WP Job Board → Version number. If version ≤ 2.6.7, vulnerable.

Check Version (the slug is the one used on this page; confirm the directory name under wp-content/plugins or in `wp plugin list` first):

wp plugin get jobsearch-wp-job-board --field=version

Verify Fix Applied:

Confirm plugin version is 2.6.8 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • New files with PHP extensions (or PHP content under an image/document extension) appearing in /wp-content/uploads/jobsearch-uploads/ or elsewhere under wp-content/uploads/
  • POST requests to /wp-admin/admin-ajax.php with action=jobsearch_wp_handle_upload; note that the action parameter travels in the POST body, so a standard web server access log will not show it, and a WAF, ModSecurity request-body logging, or a WordPress-level audit log is needed to see it
  • Requests for PHP files under /wp-content/uploads/ that the server answers with 200 (a 403 after the .htaccess workaround is still worth alerting on, since it shows the path being probed)

Network Indicators:

  • Multipart file uploads POSTed to /wp-admin/admin-ajax.php from Subscriber-level sessions, followed shortly by requests for PHP paths under /wp-content/uploads/ from the same client

SIEM Query (pseudo-syntax, adapt field names to your log schema):

source="wordpress.log" AND ("jobsearch_wp_handle_upload" OR "/jobsearch-uploads/") AND file_extension IN ("php", "phtml", "phar")
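The detection logic above, turned into a script, as an added example for this page (it is not part of the advisory or the plugin). It reads combined-format access log lines, flags every request for a PHP file under /wp-content/uploads/ (served or merely attempted), and raises the severity when the same client POSTed to admin-ajax.php shortly before, which is the upload-then-execute sequence described above. Because the ajax action name lives in the POST body and is absent from access logs, the correlation keys on the endpoint, not the action. The log lines embedded below are constructed for the example; the IP addresses and paths are illustrative.

```python
"""Flag upload-then-execute activity for CVE-2024-8614 in access logs.

Added example, not part of the original advisory or the plugin. Works on
Apache/nginx combined log format; sample lines below are constructed.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# PHP under the uploads tree. The trailing group also accepts a further "."
# so double-extension names such as shell.php.jpg are flagged too, since some
# Apache AddHandler setups execute those.
PHP_UNDER_UPLOADS = re.compile(
    r"^/wp-content/uploads/.*\.(php\d?|phtml|phar)(\.|\?|$)", re.IGNORECASE
)
AJAX = "/wp-admin/admin-ajax.php"


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def find_alerts(lines: List[str], window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Return one alert per PHP-under-uploads request, annotated when the same
    client POSTed to admin-ajax.php within `window` beforehand."""
    alerts: List[Dict] = []
    last_ajax_post: Dict[str, datetime] = {}
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["method"] == "POST" and ev["path"].startswith(AJAX):
            last_ajax_post[ev["ip"]] = ev["ts"]
            continue
        if PHP_UNDER_UPLOADS.match(ev["path"]):
            reason = ("php-under-uploads-served" if ev["status"] == 200
                      else "php-under-uploads-requested")
            prior = last_ajax_post.get(ev["ip"])
            if prior is not None and timedelta(0) <= ev["ts"] - prior <= window:
                reason += "+recent-admin-ajax-post"
            alerts.append({"ip": ev["ip"], "path": ev["path"],
                           "status": ev["status"], "reason": reason})
    return alerts


# Constructed sample log (not real traffic): an upload via admin-ajax.php
# followed by execution of the dropped file, a benign PDF download, and a
# probe for a PHP file that the .htaccess workaround blocked with 403.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2024:14:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2024:14:02:19 +0000] "GET /wp-content/uploads/jobsearch-uploads/cv.php?c=id HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Nov/2024:14:05:02 +0000] "GET /wp-content/uploads/2024/11/resume.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Nov/2024:14:07:40 +0000] "GET /wp-content/uploads/old/info.phtml HTTP/1.1" 403 199 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Point it at a real access log with `find_alerts(open(path).readlines())`; the served-plus-recent-ajax combination is the one to page on, the bare 403 probes are useful as a low-priority signal that someone is looking for dropped shells.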
