Vulnerability Description
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpmanageninja | Ninja Job Board | < 1.3.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/incluPatchThird Party Advisory
- https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/incluPatchThird Party Advisory
- https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053ExploitThird Party Advisory
FAQ
What is CVE-2022-2544?
CVE-2022-2544 is a vulnerability with a CVSS score of 7.5 (HIGH). The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download o...
How severe is CVE-2022-2544?
CVE-2022-2544 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2544?
Check the references section above for vendor advisories and patch information. Affected products include: Wpmanageninja Ninja Job Board.