Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WP Job Openings by Unknown

    CVE-2023-4933 (GCVE-0-2023-4933)

    Vulnerability from nvd – Published: 2023-10-16 19:39 – Updated: 2024-08-02 07:44
    VLAI
    Title
    WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
    Summary
    The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/882f6c36-44c6-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WP Job Openings Affected: 0 , < 3.4.3 (custom)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "WP Job Openings",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T19:39:22.761Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Job Openings \u003c 3.4.3 - Sensitive Data Exposure via Directory Listing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-4933",
        "datePublished": "2023-10-16T19:39:22.761Z",
        "dateReserved": "2023-09-13T12:12:03.086Z",
        "dateUpdated": "2024-08-02T07:44:52.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4933 (GCVE-0-2023-4933)

    Vulnerability from cvelistv5 – Published: 2023-10-16 19:39 – Updated: 2024-08-02 07:44
    VLAI
    Title
    WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
    Summary
    The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/882f6c36-44c6-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WP Job Openings Affected: 0 , < 3.4.3 (custom)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "WP Job Openings",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T19:39:22.761Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Job Openings \u003c 3.4.3 - Sensitive Data Exposure via Directory Listing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-4933",
        "datePublished": "2023-10-16T19:39:22.761Z",
        "dateReserved": "2023-09-13T12:12:03.086Z",
        "dateUpdated": "2024-08-02T07:44:52.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }