Search criteria
2 vulnerabilities found for WP Job Openings by Unknown
CVE-2023-4933 (GCVE-0-2023-4933)
Vulnerability from nvd – Published: 2023-10-16 19:39 – Updated: 2024-08-02 07:44
VLAI
Title
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Summary
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/882f6c36-44c6-42… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Job Openings |
Affected:
0 , < 3.4.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "WP Job Openings",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T19:39:22.761Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Job Openings \u003c 3.4.3 - Sensitive Data Exposure via Directory Listing",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4933",
"datePublished": "2023-10-16T19:39:22.761Z",
"dateReserved": "2023-09-13T12:12:03.086Z",
"dateUpdated": "2024-08-02T07:44:52.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4933 (GCVE-0-2023-4933)
Vulnerability from cvelistv5 – Published: 2023-10-16 19:39 – Updated: 2024-08-02 07:44
VLAI
Title
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Summary
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/882f6c36-44c6-42… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Job Openings |
Affected:
0 , < 3.4.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "WP Job Openings",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T19:39:22.761Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Job Openings \u003c 3.4.3 - Sensitive Data Exposure via Directory Listing",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4933",
"datePublished": "2023-10-16T19:39:22.761Z",
"dateReserved": "2023-09-13T12:12:03.086Z",
"dateUpdated": "2024-08-02T07:44:52.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}