6.1CVSS
6.1AI Score
0.001EPSS
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
7.5CVSS
7.5AI Score
0.025EPSS
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to an...
5.5CVSS
4.8AI Score
0.001EPSS