WP Job Manager permission escalation RCE
WP Job Manager plugin was sitting vulnerable for some time and attack vectors were available with lowest possible user role. Now in current version 1.34.4 some hardening was placed in the form of post_type checks & nonce’s, but meddling with protected meta failed again. Almost the same way as WordPress core did. Eli5 PoC In …