CVE-2015-6668
The WordPress Job Manager plugin vulnerable versions before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...