Vulnerability Description
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nootheme | Jobmonster | < 4.6.6.1 |
Related Weaknesses (CWE)
References
- https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446ProductThird Party Advisory
- https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189ExploitThird Party Advisory
- https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446ProductThird Party Advisory
- https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189ExploitThird Party Advisory
FAQ
What is CVE-2022-1166?
CVE-2022-1166 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data suc...
How severe is CVE-2022-1166?
CVE-2022-1166 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1166?
Check the references section above for vendor advisories and patch information. Affected products include: Nootheme Jobmonster.