The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180/