CVE-2023-5906: Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
First published: Mon Nov 27 2023(Updated: )
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themehigh Job Manager & Career | <1.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-5906.
What is the title of this vulnerability?
The title of this vulnerability is 'Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure'.
What is the severity of CVE-2023-5906?
The severity of CVE-2023-5906 is high, with a severity value of 7.5.
What is the affected software for CVE-2023-5906?
The affected software for CVE-2023-5906 is the Job Manager & Career plugin before version 1.4.4 for WordPress.
How can an unauthorized user exploit this vulnerability?
An unauthorized user can exploit this vulnerability by exploiting the Directory Listings system to view and download private files of other users.
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/themehigh
- canonical/themehigh job manager & career