Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
CVE-2023-5906
7.5HIGH
Summary
The Job Manager & Career plugin for WordPress prior to version 1.4.4 has a vulnerability in its Directory Listings feature. This allows unauthorized users to access and download private files belonging to other users. This flaw creates a significant risk of exposing sensitive data without proper permissions, compromising user confidentiality and overall security integrity.
Affected Version(s)
Job Manager & Career 0 < 1.4.4
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dmitrii Ignatyev
WPScan