The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
CPE | Name | Operator | Version |
---|---|---|---|
job_manager | le | 0.7.24 |