CVE-2023-4933 in WP Job Openings Plugin
Summary
by MITRE • 10/25/2023
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/25/2026
The WP Job Openings WordPress plugin vulnerability represents a critical access control flaw that exposes sensitive job application attachments to unauthorized users. This issue affects versions prior to 3.4.3 and stems from inadequate directory permissions within the plugin's file storage mechanism. The vulnerability arises when web servers with autoindex functionality enabled allow directory listing, creating a pathway for attackers to enumerate and download private job application documents without authentication. The flaw demonstrates a fundamental failure in the plugin's implementation of access controls and file system security measures, directly violating the principle of least privilege and proper authorization checks.
This vulnerability creates significant operational risks by exposing sensitive personal information contained within job application attachments. The affected directories typically contain resumes, cover letters, and other confidential documents that applicants submit through the job posting system. When autoindex is enabled on the web server, attackers can traverse the directory structure and access these private files, potentially leading to identity theft, employment fraud, and violation of data protection regulations such as gdpr and ccpa. The exposure of such data represents a severe breach of user privacy and organizational security policies, particularly in industries where job seekers provide sensitive personal and professional information.
The technical implementation of this vulnerability involves the plugin's failure to properly secure its attachment storage directories through appropriate access controls and web server configurations. The plugin does not implement proper directory permissions or disable directory listing features for its attachment folders, relying instead on the web server's default behavior. This approach creates a dangerous dependency on server-level security configurations rather than implementing robust application-level access controls. The vulnerability aligns with CWE-22 - Improper Limitation of a Pathname to a Restricted Directory and CWE-73 - External Control of File Name or Path, both of which address improper access control and path traversal issues that can lead to unauthorized file access.
From an attack perspective, this vulnerability enables passive reconnaissance and data exfiltration capabilities for threat actors. The attacker requires only basic directory listing access to enumerate available files and download sensitive attachments. This represents a low-effort, high-impact attack vector that can be automated and scaled across multiple vulnerable installations. The vulnerability also aligns with ATT&CK technique T1213.002 - Data from Information Repositories, specifically targeting the extraction of sensitive data from repository systems. The lack of authentication requirements makes this attack particularly dangerous as it can be executed by anyone with access to the affected website, potentially affecting thousands of job seekers if the vulnerability exists across multiple installations.
Organizations should implement immediate mitigations including updating to WP Job Openings plugin version 3.4.3 or later, which addresses the directory access control issues. Server-level configurations should disable autoindex functionality for directories containing sensitive data, and proper directory permissions should be implemented to prevent unauthorized access. Additionally, organizations should conduct comprehensive audits of their WordPress installations to identify other plugins with similar vulnerabilities and ensure proper access controls are in place for all file storage directories. The vulnerability highlights the importance of application-level security controls over relying solely on web server configurations and underscores the necessity of regular security assessments and patch management procedures to prevent such exposure of sensitive data.