CVE-2023-4933

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

We have discovered 780 live websites that are affected by CVE-2023-4933.

Affected Software


Product	WP Job Openings
Category	Wordpress Plugins
Vulnerable Versions	from 0 before 3.4.3
Total Vulnerable Versions	28
Vulnerable Domains	780 live websites (27.20% of WP Job Openings install base)

Common Weakness Enumeration

CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

Available Reports

Website List

Details

Published - Oct 16, 2023
Updated - Oct 16, 2023

Credits

Dmitrii Ignatyev (finder)
WPScan (coordinator)

CWE

CWE-538

CVE References

CWE References

cwe.mitre.org

Countries

United States	282 websites

India	78 websites
Germany	53 websites
GB	46 websites
France	28 websites
Canada	26 websites
Australia	16 websites
Italy	14 websites
Pakistan	12 websites
South Africa	12 websites

TLDs

.com	429 websites
.org	41 websites
.de	30 websites
.co.uk	21 websites
.net	19 websites
.com.au	12 websites
.fr	10 websites
.ca	8 websites
.eu	7 websites
.io	6 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7

Websites affected by CVE-2023-4933

Top websites that are affected by CVE-2023-4933. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*.*********.com	United States	,*
********.com	United States	,*
*.********.com	United States	,*
*.********.com	United States	*,*
*********.com	GB	*,*
********.io	United States	*,*
***********.com	India	*,*
*.**********.et	Ethiopia	*,*
*.*********.com	Denmark	*,*
***************.org	United States	*,*

See full domain list