CVE-2022-1166
Severity: MEDIUM
JobMonster < 4.6.6.1 - Unauthenticated Directory Listing in Uploads Folder
Title source: llm
Description
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file or an .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
References (2)
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189
Product, Third Party Advisory x_refsource_misc
https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446
Scores
CVSS v3: 5.3
EPSS: 0.0153
EPSS Percentile: 71.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (1): nootheme/jobmonster < 4.6.6.1
Published: Apr 04, 2022
Tracked Since: Feb 18, 2026