PT-2024-15188 · WordPress · Custom Field For Wp Job Manager
Francesco Carlucci
·
Published
2024-08-15
·
Updated
2024-08-19
·
CVE-2023-7049
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Custom Field For WP Job Manager plugin for WordPress version 1.2 and earlier
Description
The issue allows authenticated attackers with contributor-level access and above to expose potentially sensitive post metadata due to missing validation on the
job id user-controlled key in the 'cm fieldshow' shortcode.Recommendations
For version 1.2 and earlier, consider disabling the 'cm fieldshow' shortcode until a patch is available to prevent exploitation. Restrict access to the
job id variable to minimize the risk of exposing sensitive post metadata.Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Custom Field For Wp Job Manager