WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
CVE-2023-4933
5.3MEDIUM
Summary
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Affected Version(s)
WP Job Openings 0 < 3.4.3
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dmitrii Ignatyev
WPScan