CVE-2022-2544 – Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing

https://notcve.org/view.php?id=CVE-2022-2544

01 Aug 2022 — The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. El plugin Ninja Job Board de WordPress versiones anteriores a 1.3.3, no protege el directorio donde almacena los currículos subidos, haciéndolo vulnerable a un listado de directorios no autenticado que permite una descarga de los currículos subidos. The Ninja Job Board plugin for WordPress i... • https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •