Cyber Resilience

CVE-2022-4061

High · Public PoC

Published: 19 December 2022

Modified: 17 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.2725 (96.5th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4061 is a high-severity vulnerability, with no specific weakness type listed, in Ultimatemember Jobboardwp. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The vulnerability CVE-2022-4061 affects the JobBoardWP WordPress plugin prior to version 1.2.2. Its file upload functionalities lack proper validation of file names and types, which permits the upload of arbitrary files such as PHP scripts.

Unauthenticated attackers can exploit the flaw over the network with low complexity and no required user interaction. Successful exploitation allows them to upload malicious files and achieve high integrity impact on the affected site, consistent with the reported CVSS 7.5 score.

The WPScan advisory linked in the references identifies the missing validation and indicates that the issue is resolved by updating to JobBoardWP 1.2.2 or later. The EPSS score has remained steady at its peak value of 0.2725 with no material rise after disclosure.

EU & UK References

Vulnerability details

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ultimatemember
jobboardwp
≤ 1.2.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References