CVE-2023-4933

Summary

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Affected Software

VendorProductVersion RangeStatus
UnknownWP Job Openings0 < 3.4.3affected

Weaknesses

  • CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CVE Program Container

Additional References

References