CVE-2025-30967

CRITICAL

WPJobBoard < 5.11.1 - Cross-Site Request Forgery to Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-30967. PoCs published by Anton-ai111.

AI-analyzed exploit summary: This exploit targets CVE-2025-30967, which appears to be an OGNL injection vulnerability in Apache Struts 2. The PoC sends a malicious Content-Type header with an OGNL payload to execute arbitrary commands (e.g., 'id') on the target system.

Description

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.

Exploits (1)

nomisec · WORKING POC · 1 star
by Anton-ai111 · poc
https://github.com/Anton-ai111/CVE-2025-30967

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache Struts 2 (version not specified)
No auth needed
Prerequisites: Target running vulnerable Apache Struts 2 instance · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.6
EPSS 0.0020
EPSS Percentile 10.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-352
Status published
Products (1)
NotFound/WPJobBoard < 5.11.1
Published Apr 15, 2025
Tracked Since Feb 18, 2026