CVE-2023-4933

MEDIUM

WP Job Openings <3.4.3 - Info Disclosure

Title source: llm

Description

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7

Scores

CVSS v3 5.3

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-552

Status published

Products (1)

awsm/wp_job_openings < 3.4.3

Published Oct 16, 2023

Tracked Since Feb 18, 2026