During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.

Main info:

CVE: CVE-2023-5906
Plugin: Job Manager & Career
Critical: High
All Time: 38 315
Active installations: 2000+
Publicly Published: November 23, 2023
Last Updated: November 23, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A3: Sensitive Data Exposure
PoC: Yes
Exploit: Will be later
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5762
Reference: https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb/

Timeline

October 11, 2023: Plugin testing and vulnerability detection in the Job Manager & Career plugin have been completed
October 11, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
November 20, 2023: The author fixed the vulnerability and released the plugin update
November 23, 2023: Registered CVE-2023-5906

Discovery of the Vulnerability

While conducting a security assessment of the Job Manager & Career plugin, a critical vulnerability in the Directory Listings system was identified during testing. This vulnerability allows unauthorized users to access and download private files of other users, presenting a significant security risk by potentially exposing confidential data without proper authorization.

Understanding Directory Listing Attacks

Directory Listing, in the context of WordPress, refers to the ability to view the contents of a directory through a web browser. In some cases, this feature is unintentionally exposed, allowing users to see the files and folders within a directory.

In the case of the Job Manager & Career plugin, the vulnerability allows an unauthorized user to exploit the Directory Listings system, gaining visibility into private files. This exposure could include sensitive information such as resumes, personal details, or other confidential documents uploaded by users.

Exploiting the Directory Listing Vulnerability

Exploiting the Directory Listing vulnerability typically involves navigating to a specific URL or endpoint that exposes directory contents. In the context of the Job Manager & Career plugin, an attacker might manipulate URLs to access directories containing private files. Through this manipulation, an attacker could view and download files meant to be private.

POC URL:

1) Go to http://your_site/wordpress/wp-content/uploads/thjmf_uploads


The potential risk associated with this vulnerability is severe. An attacker gaining access to private files can lead to the exposure of sensitive information, privacy breaches, and unauthorized use of confidential data. Real-world scenarios could include an attacker accessing resumes, personal documents, or proprietary information uploaded by users of the plugin.

Recommendations for Improved Security

To address and mitigate the risk posed by the Directory Listing vulnerability in the Job Manager & Career plugin, the following recommendations are advised:

  • Patch and Update: Ensure the plugin is updated to the latest version with security patches.
  • Directory Restrictions: Implement strict controls on directory access to prevent unauthorized viewing of files.
  • Access Controls: Enforce proper access controls and permissions to restrict file access based on user roles.
  • Security Audits: Conduct regular security audits to identify and remediate vulnerabilities promptly.

By implementing these measures, administrators can significantly reduce the risk of unauthorized access through directory listings and enhance the overall security posture of their WordPress environment.
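As part of a security audit, the web server access log can show whether the upload directory from the PoC was browsed, and which files were fetched, before the update was applied. The following is an added example, not code from the plugin or from the original write-up; it assumes the Apache/nginx "combined" log format, and the sample log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Upload directory named in the PoC above; the site prefix differs per install.
UPLOAD_DIR = "/wp-content/uploads/thjmf_uploads"

# Assumed "combined" access log format; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def review_access_log(lines):
    """Return {client_ip: {"listings": [...], "files": [...]}} for requests that
    were actually served from the upload directory (index page or a file)."""
    hits = defaultdict(lambda: {"listings": [], "files": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        if m["status"] not in ("200", "206"):  # 403/404: nothing was served
            continue
        path = m["path"].split("?", 1)[0]      # drop index sort parameters
        idx = path.find(UPLOAD_DIR)
        if idx == -1:
            continue
        rest = path[idx + len(UPLOAD_DIR):]
        if rest and not rest.startswith("/"):
            continue  # another directory that merely shares the prefix
        kind = "listings" if rest == "" or rest.endswith("/") else "files"
        hits[m["ip"]][kind].append((m["ts"], path))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2023:10:01:02 +0000] "GET /wordpress/wp-content/uploads/thjmf_uploads/ HTTP/1.1" 200 1432 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Oct/2023:10:01:09 +0000] "GET /wordpress/wp-content/uploads/thjmf_uploads/resume-example.pdf HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '198.51.100.20 - - [12/Oct/2023:11:15:00 +0000] "GET /wordpress/wp-content/uploads/thjmf_uploads/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Oct/2023:11:16:00 +0000] "GET /wordpress/wp-content/uploads/2023/10/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, seen in review_access_log(SAMPLE_LOG).items():
        print(ip, "listings:", len(seen["listings"]), "files:", len(seen["files"]))
```

A client that appears with both a served listing and served files is the case to prioritise when deciding which uploaded documents to treat as disclosed.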


DMITRII I.
CVE-2023-5906 – Job Manager & Career – Directory listing to Sensitive Data Exposure – POC
