Impact
Improper limitation of a pathname in the EMV JobCareer WordPress theme allows an attacker to leverage a path traversal weakness to delete arbitrary files on the server. The vulnerability is a classic Path Traversal flaw (CWE‑22) that can lead to loss of critical site data and compromise of site availability. The impact is that an attacker who can exploit this flaw can permanently remove files, potentially disrupting the website or enabling further compromise.
Affected Systems
All releases of the EMV JobCareer WordPress theme up to and including version 7.3 are affected. The vulnerability applies to any installation of the theme that has not been patched to version 7.4 or later, if such a version exists.
Risk and Exploitability
The CVSS score of 8.6 indicates a high severity weakness that can be exploited remotely through the web interface. Although an EPSS score is not provided, the lack of listing in the CISA KEV catalog does not diminish the potential for exploitation. The attack vector is inferred to be a remote web attacker who can send crafted requests to the theme’s deletion endpoint, thereby triggering arbitrary file deletion without local file system access.
OpenCVE Enrichment