CVE-2023-5906

2023-11-2717:15:09

[email protected]

web.nvd.nist.gov

cve-2023-5906

job manager

career

wordpress

plugin

vulnerability

directory listings

unauthorized access

security threat

confidential data

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.

Affected configurations

Vulners

NVD

Node

themehighjob_manager_\&_careerRange<1.4.4

VendorProductVersionCPE
themehighjob_manager_\&_career*cpe:2.3:a:themehigh:job_manager_\&_career:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
themehigh	job_manager_\&_career	*	cpe:2.3:a:themehigh:job_manager_\&_career::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Job Manager & Career",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.4.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]