CVE-2022-2544: 
WordPress vulnerability analysis and mitigation

The Ninja Job Board WordPress plugin before version 1.3.3 contains a security vulnerability (CVE-2022-2544) that was discovered on August 1, 2022, and publicly disclosed on August 22, 2022. The vulnerability affects the file storage mechanism of the plugin, where uploaded resumes are stored without proper directory protection (WPScan).

The vulnerability is classified as a Directory Listing issue (CWE-425) that allows unauthenticated access to uploaded resumes. It has received a CVSS v3.1 Base Score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability exposes sensitive information by allowing unauthorized users to access and download resumes that have been uploaded through the plugin. This represents a significant privacy concern as resumes typically contain personal information such as names, contact details, work history, and other sensitive data (WPScan).

The vulnerability has been patched in version 1.3.3 of the Ninja Job Board plugin. Users are strongly advised to update to this version or later to protect uploaded resumes from unauthorized access (WordPress Patch).