During testing, a critical vulnerability was discovered in the plugin: the Directory Listings system allows an unauthorized user to view and download the private files of other users. This is a serious security threat because an attacker can gain access to other users' confidential data and files without their permission.
Main info:
CVE | CVE-2023-5906 |
Plugin | Job Manager & Career |
Criticality | High |
All Time | 38 315 |
Active installations | 2000+ |
Publicly Published | November 23, 2023 |
Last Updated | November 23, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A3: Sensitive Data Exposure |
PoC | Yes |
Exploit | Will be later |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5762 https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb/ |
Timeline
October 11, 2023 | Plugin testing and vulnerability detection in the Job Manager & Career plugin have been completed |
October 11, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
November 20, 2023 | The author fixed the vulnerability and released the plugin update |
November 23, 2023 | Registered CVE-2023-5906 |
Discovery of the Vulnerability
A security assessment of the Job Manager & Career plugin identified a critical vulnerability in the Directory Listings system. It allows unauthorized users to access and download private files of other users, a significant security risk that potentially exposes confidential data without proper authorization.
Understanding Directory Listing attacks
Directory Listing, in the context of WordPress, refers to the ability to view the contents of a directory through a web browser. In some cases, this feature is unintentionally exposed, allowing users to see the files and folders within a directory.
In the case of the Job Manager & Career plugin, the vulnerability allows an unauthorized user to exploit the Directory Listings system, gaining visibility into private files. This exposure could include sensitive information such as resumes, personal details, or other confidential documents uploaded by users.
Exploiting the Directory Listing Vulnerability
Exploiting the Directory Listing vulnerability typically involves navigating to a specific URL or endpoint that exposes directory contents. In the context of the Job Manager & Career plugin, an attacker might manipulate URLs to access directories containing private files. Through this manipulation, an attacker could view and download files meant to be private.
POC URL:
1) Go to http://your_site/wordpress/wp-content/uploads/thjmf_uploads
The potential risk associated with this vulnerability is severe. An attacker gaining access to private files can lead to the exposure of sensitive information, privacy breaches, and unauthorized use of confidential data. Real-world scenarios could include an attacker accessing resumes, personal documents, or proprietary information uploaded by users of the plugin.
Recommendations for Improved Security
To mitigate the risk posed by the Directory Listing vulnerability in the Job Manager & Career plugin, the following measures are recommended:
- Patch and Update: Ensure the plugin is updated to the latest version with security patches.
- Directory Restrictions: Implement strict controls on directory access to prevent unauthorized viewing of files.
- Access Controls: Enforce proper access controls and permissions to restrict file access based on user roles.
- Security Audits: Conduct regular security audits to identify and remediate vulnerabilities promptly.
By implementing these measures, administrators can significantly reduce the risk of unauthorized access through directory listings and enhance the overall security posture of their WordPress environment.
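A local audit for the "Directory Restrictions" recommendation, added here as an example and not taken from the plugin or its fix: it walks an uploads tree and reports directories that have neither an index file nor an Apache `.htaccess` with `Options -Indexes`. The sample layout and file names are constructed; only `thjmf_uploads` comes from the PoC path above, and the check assumes Apache-style `.htaccess` handling.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}
# Apache directive that turns autoindex off for a directory and its children.
NO_INDEXES = re.compile(r"^\s*Options\s+.*-Indexes\b", re.I | re.M)

def htaccess_disables_listing(directory):
    """True if directory/.htaccess has an uncommented 'Options -Indexes'."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:
        return False

def audit_uploads(root):
    """Return relative paths under root that a server with autoindex on would list."""
    exposed, covered = [], []
    for current, _dirs, files in os.walk(root):  # top-down: parents come first
        if any(current.startswith(p + os.sep) for p in covered):
            continue  # a parent .htaccess already applies here
        if htaccess_disables_listing(current):
            covered.append(current)
        elif not INDEX_FILES & {name.lower() for name in files}:
            exposed.append(os.path.relpath(current, root))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed layout for the demo; only thjmf_uploads is from the advisory."""
    layout = {
        "": ["index.php"],                         # uploads root, index present
        "2023": ["index.php", "logo.png"],         # index present
        "thjmf_uploads": ["resume-alice.pdf"],     # no index, no .htaccess
        "thjmf_uploads/2023": ["resume-bob.pdf"],  # same, one level down
        "private": [".htaccess"],                  # Options -Indexes
        "private/docs": ["contract.pdf"],          # inherits from private/
    }
    for rel, names in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for name in names:
            with open(os.path.join(d, name), "w") as fh:
                fh.write("Options -Indexes\n" if name == ".htaccess" else "sample\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("listable:", audit_uploads(build_sample_tree(tmp)))
```

A directory that passes this check is protected from listing only; files inside it remain downloadable by anyone who knows or guesses the URL, so the access-control recommendation still applies.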
DMITRII I.