LeakyCreds

CVE-2026-6271 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: May 14, 2026

Career Section WordPress plugin - Unrestricted File Upload

Published: May 14, 2026 | Updated: May 14, 2026 | Remote Exploitable

Overview

Career Section WordPress plugin <= 1.7 contains an arbitrary file upload vulnerability caused by missing file type validation in the CV upload handler, letting unauthenticated attackers upload executable files and achieve remote code execution.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 13.9% (Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can upload executable files, leading to remote code execution and full server compromise.

Mitigation

Update to the latest version of the Career Section plugin.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
May 14, 2026

🔴 CVE-2026-6271 - Critical (9.8) The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6271/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
May 14, 2026

⚠️ CRITICAL: CVE-2026-6271 in shahinurislam Career Section plugin (≤1.7) lets unauthenticated attackers upload dangerous files — risk of remote code execution. Disable plugin immediately & monitor uploads. https://radar.offseq.com/threat/cve-2026-6271-cwe-434-unrestricted-upload-of-file--9fe22087 #OffSeq #WordPress #RCE #Vulnerability

Details

CVE ID: CVE-2026-6271
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: rejected
EPSS: 13.9%
Social Posts: 4

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

13.9% (Probability of exploitation in the next 30 days)