CVE-2023-4933

{"id": "CVE-2023-4933", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-10-16T20:15:17.243", "references": [{"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."}, {"lang": "es", "value": "El complemento WP Job Openings de WordPress anterior a 3.4.3 no bloquea la lista de contenidos de los directorios donde almacena archivos adjuntos a las solicitudes de empleo, lo que permite a los visitantes no autenticados enumerar y descargar archivos adjuntos privados si la funci\u00f3n autoindex del servidor web est\u00e1 habilitada."}], "lastModified": "2024-02-16T18:57:14.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awsm:wp_job_openings:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "86AF34BD-1C51-45C8-ACA7-E7DA88C57E82", "versionEndExcluding": "3.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}