CVE-2023-4933

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Related Vulnerabilities

CVE-2019-14273

MEDIUM
CVSS:5.3(Medium)

In SilverStripe assets 4.0, there is broken access control on files.

CWE-5522019

CVE-2019-20593

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

CWE-5522019

CVE-2019-3897

MEDIUM
CVSS:5.3(Medium)

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this ...

CWE-5522019

CVE-2020-10105

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an att...

CWE-5522020

CVE-2020-13953

MEDIUM
CVSS:5.3(Medium)

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

CWE-5522020

CVE-2021-33843

MEDIUM
CVSS:5.3(Medium)

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su...

CWE-5522021