Platform
wordpress
Component
wp-job-portal
Fixed in
2.5.0
CVE-2026-4758 is a Remote Code Execution (RCE) vulnerability affecting the WP Job Portal plugin for WordPress. This vulnerability allows authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the server due to insufficient file path validation. Successful exploitation can lead to remote code execution, especially if critical files like 'wp-config.php' are deleted. The vulnerability affects all versions up to and including 2.4.9, and it has been fixed in version 2.5.0.
The primary impact of CVE-2026-4758 is the ability for an authenticated attacker (Subscriber level or higher) to delete files on the server. While the vulnerability itself is an arbitrary file deletion, the potential for remote code execution arises if critical configuration files, such as wp-config.php, are targeted and deleted. Deletion of wp-config.php would effectively grant the attacker complete control over the WordPress installation, allowing them to modify the database, install malicious code, and compromise the entire website. This could lead to data breaches, website defacement, and further exploitation of the server.
CVE-2026-4758 was publicly disclosed on March 25, 2026. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of exploitation (requiring only Subscriber-level access) suggests a moderate risk of exploitation. The vulnerability has not been added to the CISA KEV catalog as of this date. Active campaigns targeting WordPress plugins are common, so vigilance is advised.
Exploit status
EPSS
0.28% (51st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-4758 is to immediately upgrade the WP Job Portal plugin to version 2.5.0 or later. If upgrading is not immediately feasible, consider restricting file permissions on the WordPress installation to limit the attacker's ability to delete files. Implement a Web Application Firewall (WAF) with rules to block suspicious file deletion attempts. Regularly review WordPress user roles and permissions to ensure that only authorized users have access to administrative functions. After upgrading, confirm the vulnerability is resolved by attempting a file deletion operation (which should now be blocked).
Update to version 2.5.0 or a newer patched version
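One way to check a site against the fix version and the wp-config.php risk described above. This is an added example, not code from the plugin or from this advisory; the function names and status words are made up for illustration, and it assumes a standard WordPress layout (plugins under `wp-content/plugins/`, `wp-config.php` in the web root or one directory above it) and GNU `sort -V`.

```bash
#!/bin/sh
# Added example: offline exposure check for CVE-2026-4758 on one WordPress tree.
# Function names and status words are this example's own, not the plugin's.
PLUGIN_SLUG="wp-job-portal"   # component named in the advisory
FIXED_VERSION="2.5.0"         # first fixed release per the advisory

# Print the plugin's Version header, or nothing if the plugin is absent.
# WordPress finds a plugin's main file by its "Plugin Name:" header, so the
# file is located the same way instead of assuming its filename.
plugin_version() {
    local dir f
    dir="$1/wp-content/plugins/$PLUGIN_SLUG"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        if head -n 60 "$f" | grep -qiE '^[[:space:]*]*Plugin Name:'; then
            head -n 60 "$f" |
                sed -nE 's|^[[:space:]*]*Version:[[:space:]]*([0-9][0-9A-Za-z.-]*).*|\1|p' |
                head -n 1
            return 0
        fi
    done
    return 0
}

# Succeed when version $1 sorts strictly before version $2 (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print one of: not-installed, patched, vulnerable, vulnerable-config-missing.
audit_site() {
    local root v
    root="$1"
    v="$(plugin_version "$root")"
    if [ -z "$v" ]; then echo "not-installed"; return 0; fi
    if ! version_lt "$v" "$FIXED_VERSION"; then echo "patched"; return 0; fi
    # wp-config.php may sit in the web root or one directory above it. If it
    # is gone from a site still running a vulnerable version, treat the site
    # as possibly compromised rather than merely unpatched.
    if [ -f "$root/wp-config.php" ] || [ -f "$root/../wp-config.php" ]; then
        echo "vulnerable"
    else
        echo "vulnerable-config-missing"
    fi
}

# Usage: sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then audit_site "$1"; fi
```

A result of `vulnerable-config-missing` calls for the audit and clean-backup restore this page recommends for suspected compromise, not just the upgrade.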
It's a security vulnerability in the WP Job Portal plugin that allows for arbitrary file deletion.
All versions up to and including 2.4.9 are affected by this vulnerability.
Update the WP Job Portal plugin to version 2.5.0 or later.
Restrict permissions for users with Subscriber roles or higher and monitor server logs.
If you suspect your website has been compromised, perform a thorough security audit and consider restoring from a clean backup.