5.3

CVE-2023-4933

Exploit

EPSS 0.13%
Veröffentlicht 16.10.2023 20:15:17
Zuletzt bearbeitet 21.11.2024 08:36:17
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP Job Openings <= 3.4.2 - Information Exposure

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Mögliche Gegenmaßnahme

WP Job Openings – Job Listing, Career Page and Recruitment Plugin: Update to version 3.4.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Job Openings – Job Listing, Career Page and Recruitment Plugin

Version *-3.4.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Awsm ≫ Wp Job Openings SwPlatformwordpress Version < 3.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.325

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4933

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4933

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4933

EUVD