During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.

Main info:

CVECVE-2023-5906
PluginJob Manager & Career
CriticalHigh
All Time38 315
Active installations2000+
Publicly PublishedNovember 23, 2023
Last UpdatedNovember 23, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A3: Sensitive Data Exposure
PoCYes
ExploitWill be later
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5762
https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb/
Plugin Security Certification by CleanTalk

Timeline

October 11, 2023Plugin testing and vulnerability detection in the Job Manager & Career plugin have been completed
October 11, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
November 20, 2023The author fixed the vulnerability and released the plugin update
November 23, 2023Registered CVE-2023-5906

Discovery of the Vulnerability

While conducting a security assessment of the Job Manager & Career plugin, a critical vulnerability in the Directory Listings system was identified during testing. This vulnerability allows unauthorized users to access and download private files of other users, presenting a significant security risk by potentially exposing confidential data without proper authorization.

Understanding of Directory Listing attack’s

Directory Listing, in the context of WordPress, refers to the ability to view the contents of a directory through a web browser. In some cases, this feature is unintentionally exposed, allowing users to see the files and folders within a directory.

In the case of the Job Manager & Career plugin, the vulnerability allows an unauthorized user to exploit the Directory Listings system, gaining visibility into private files. This exposure could include sensitive information such as resumes, personal details, or other confidential documents uploaded by users.

Exploiting the Directory Listing Vulnerability

Exploiting the Directory Listing vulnerability typically involves navigating to a specific URL or endpoint that exposes directory contents. In the context of the Job Manager & Career plugin, an attacker might manipulate URLs to access directories containing private files. Through this manipulation, an attacker could view and download files meant to be private.

POC URL:

1) Go http://your_site/wordpress/wp-content/uploads/thjmf_uploads

___

The potential risk associated with this vulnerability is severe. An attacker gaining access to private files can lead to the exposure of sensitive information, privacy breaches, and unauthorized use of confidential data. Real-world scenarios could include an attacker accessing resumes, personal documents, or proprietary information uploaded by users of the plugin.

Recommendations for Improved Security

To address and mitigate the risk posed by the Directory Listing vulnerability in the Job Manager & Career plugin, the following recommendations are advised:

  • Patch and Update: Ensure the plugin is updated to the latest version with security patches.
  • Directory Restrictions: Implement strict controls on directory access to prevent unauthorized viewing of files.
  • Access Controls: Enforce proper access controls and permissions to restrict file access based on user roles.
  • Security Audits: Conduct regular security audits to identify and remediate vulnerabilities promptly.

By implementing these security measures, administrators can significantly reduce the risk of unauthorized access through directory listings and enhance the overall security of their WordPress environment.

By taking these measures, the risk of exploitation of this vulnerability can be significantly reduced, enhancing the overall security posture of the WordPress environment.

#WordPressSecurity #DirectoryListing #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.
CVE-2023-5906 – Job Manager & Career – Directory listing to Sensitive Data Exposure – POC

Leave a Reply

Your email address will not be published. Required fields are marked *