CVE-2022-1166: 
WordPress vulnerability analysis and mitigation

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder (CVE-2022-1166). This vulnerability was discovered in versions prior to 4.6.6.1 and could potentially expose sensitive personal data such as people's resumes. The issue stemmed from the absence of a default PHP file or .htaccess file in the upload directory (WPScan).

The vulnerability is classified as a Sensitive Data Disclosure issue, falling under the OWASP Top 10 category A3: Sensitive Data Exposure and CWE-200. It received a CVSS score of 5.3 (medium severity). The technical issue arose from the lack of proper directory listing protection in the /wp-content/uploads/jobmonster/ folder (WPScan).

The primary impact of this vulnerability was the potential exposure of sensitive personal information, particularly resumes stored in the upload directory. While directory listing can be prevented through proper web server configuration, the lack of built-in protection in the theme made it more susceptible to data exposure (WPScan).

The vulnerability was fixed in version 4.6.6.1 of the JobMonster theme. Users should upgrade to this version or later to protect against this security issue. Additionally, server administrators can implement proper directory listing protection through web server configuration (WPScan, ThemeForest).