WordPress Plugin Vulnerabilities

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

Description

The plugin is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations.

Proof of Concept

Affects Plugins

Plugin icon
simple-job-board
Fixed in 2.10.0

References

CVE
CVE-2022-2558

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
6e096269-eedc-4614-88ce-6795c4adf32f

Timeline

Publicly Published
2022-08-01 (about 3 years ago)
Added
2022-08-01 (about 3 years ago)
Last Updated
2023-04-30 (about 2 years ago)

Other

Published
Title
Published
2024-07-18
Title
ElementsKit Elementor addons < 3.2.1 - Unauthenticated Information Exposure via ekit_widgetarea_content Function
Published
2023-10-16
Title
404 Solution < 2.33.1 - Sensitive Information Exposure
Published
2024-04-11
Title
Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure
Published
2024-04-29
Title
Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.7.8 - Sensitive Information Exposure
Published
2024-10-15
Title
WP SendFox <= 1.3.1 - Unauthenticated Information Disclosure