5.3
CVE-2023-4933
- EPSS 0.54%
- Veröffentlicht 16.10.2023 20:15:17
- Zuletzt bearbeitet 21.11.2024 08:36:17
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
WP Job Openings <= 3.4.2 - Information Exposure
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Mögliche Gegenmaßnahme
HireZoot – (WP Job Openings) Job Listings, Career Page & Recruitment Tool: Update to version 3.4.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Awsm ≫ Wp Job Openings SwPlatformwordpress Version < 3.4.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
HireZoot – (WP Job Openings) Job Listings, Career Page & Recruitment Tool
Version
*-3.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.411 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7
https://www.wordfence.com/threat-intel/vulnerabilities/id/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7