The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-10-16T19:39:22.761Z
Updated: 2023-10-16T19:39:22.761Z
Reserved: 2023-09-13T12:12:03.086Z
Link: CVE-2023-4933
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-16T20:15:17.243
Modified: 2024-02-16T18:57:14.973
Link: CVE-2023-4933
JSON object: View
Redhat Information
No data.
CWE