CVE-2022-2544
N/A
N/A
Summary
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Ninja Job Board – Ultimate WordPress Job Board Plugin | 1.3.3 < 1.3.3 | affected |
Weaknesses
- CWE-425: CWE-425 Direct Request ('Forced Browsing')
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php
References
- https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.