Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.

This issue affects JobCareer: from n/a through 7.3.
Published: 2026-06-17
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper limitation of a pathname in the EMV JobCareer WordPress theme allows an attacker to leverage a path traversal weakness to delete arbitrary files on the server. The vulnerability is a classic Path Traversal flaw (CWE‑22) that can lead to loss of critical site data and compromise of site availability. The impact is that an attacker who can exploit this flaw can permanently remove files, potentially disrupting the website or enabling further compromise.

Affected Systems

All releases of the EMV JobCareer WordPress theme up to and including version 7.3 are affected. The vulnerability applies to any installation of the theme that has not been patched to version 7.4 or later, if such a version exists.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity weakness that can be exploited remotely through the web interface. Although an EPSS score is not provided, the lack of listing in the CISA KEV catalog does not diminish the potential for exploitation. The attack vector is inferred to be a remote web attacker who can send crafted requests to the theme’s deletion endpoint, thereby triggering arbitrary file deletion without local file system access.

Generated by OpenCVE AI on June 18, 2026 at 13:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JobCareer theme to the latest available version that addresses the path traversal flaw (version 7.4 or later).
  • If an update cannot be applied immediately, temporarily disable or remove the file deletion functionality by deactivating the associated theme hook or user capability in WordPress administration.
  • Add a web application firewall rule or similar input validation that blocks HTTP requests containing path traversal patterns such as ".." before the request reaches the theme’s code.

Generated by OpenCVE AI on June 18, 2026 at 13:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Emv
Emv jobcareer
Wordpress
Wordpress wordpress
Vendors & Products Emv
Emv jobcareer
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
Title WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

Emv Jobcareer
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T14:10:54.535Z

Reserved: 2025-12-29T11:19:37.128Z

Link: CVE-2025-69128

cve-icon Vulnrichment

Updated: 2026-06-17T14:10:51.047Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:57:32Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')