EIP-2026-114009

PRE-CVE

WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114009. PoCs published by Chris Kellum.

AI-analyzed exploit summary This exploit demonstrates an unrestricted file upload vulnerability in WordPress Resume Submissions & Job Postings v2.5.1, allowing attackers to upload arbitrary files (e.g., PHP shells) to the server. The file name is predictable via MD5 hashing of the server timestamp, enabling direct access to the uploaded file.

Description

WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Chris Kellum · textwebappsphp

https://www.exploit-db.com/exploits/19791

View Code ZIP pw:eip

This exploit demonstrates an unrestricted file upload vulnerability in WordPress Resume Submissions & Job Postings v2.5.1, allowing attackers to upload arbitrary files (e.g., PHP shells) to the server. The file name is predictable via MD5 hashing of the server timestamp, enabling direct access to the uploaded file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Resume Submissions & Job Postings v2.5.1

No auth needed

Prerequisites: Access to the resume submission form · Ability to intercept server responses (e.g., Burp Suite)

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026