0.025 Low
EPSS
Percentile
90.3%
It is possible to enumerate the CV filename that is uploaded on the server and then access the CV file by performing a bruteforce attack to the wordpress upload directory structure.
vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/