WordPress Plugin Vulnerabilities

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Description

The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Proof of Concept

http://your_site/wordpress/wp-content/uploads/awsm-job-openings/2023/09/

Affects Plugins

Plugin icon
wp-job-openings
Fixed in 3.4.3

References

CVE
CVE-2023-4933
URL
https://blog.cleantalk.org/cve-2023-4933-wp-job-openings-3-4-3-sensitive-data-exposure-via-directory-listing

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://blog.cleantalk.org
Verified
Yes
WPVDB ID
882f6c36-44c6-4273-81cd-2eaaf5e81fa7

Timeline

Publicly Published
2023-09-25 (about 7 months ago)
Added
2023-09-25 (about 7 months ago)
Last Updated
2023-09-26 (about 7 months ago)

Other

Published
Title
Published
2023-12-27
Title
Product Catalog Simple < 1.7.7 - Sensitive Information Exposure via Product CSV
Published
2024-03-19
Title
Easy Maintenance Mode <= 1.4.2 - Information Exposure
Published
2024-01-22
Title
File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames
Published
2023-12-07
Title
PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
Published
2024-02-20
Title
PeproDev Ultimate Invoice < 1.9.8 - Unauthenticated Arbitrary Invoice Access