{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4933", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-09-13T12:12:03.086Z", "datePublished": "2023-10-16T19:39:22.761Z", "dateUpdated": "2023-10-16T19:39:22.761Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-10-16T19:39:22.761Z"}, "title": "WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing", "problemTypes": [{"descriptions": [{"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "WP Job Openings", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "3.4.3"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."}], "references": [{"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Dmitrii Ignatyev", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awsm:wp_job_openings:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "86AF34BD-1C51-45C8-ACA7-E7DA88C57E82", "versionEndExcluding": "3.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."}, {"lang": "es", "value": "El complemento WP Job Openings de WordPress anterior a 3.4.3 no bloquea la lista de contenidos de los directorios donde almacena archivos adjuntos a las solicitudes de empleo, lo que permite a los visitantes no autenticados enumerar y descargar archivos adjuntos privados si la funci\u00f3n autoindex del servidor web est\u00e1 habilitada."}], "id": "CVE-2023-4933", "lastModified": "2024-02-16T18:57:14.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T20:15:17.243", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}