CVE-2023-48288: 
WordPress vulnerability analysis and mitigation

The WordPress Job Board and Recruitment Plugin – JobWP was found to contain a Sensitive Information Exposure vulnerability (CVE-2023-48288) affecting all versions up to and including 2.1. The vulnerability was discovered by Myungju Kim and publicly disclosed on November 23, 2023. This security issue allows unauthenticated attackers to access sensitive user data through resume files (WPScan, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction. The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

Successful exploitation of this vulnerability allows unauthenticated attackers to extract sensitive user data via resumes. The vulnerability primarily affects data confidentiality, with no direct impact on system integrity or availability (WPScan).

The vulnerability has been fixed in version 2.2 of the WordPress Job Board and Recruitment Plugin – JobWP. Users are advised to update to version 2.2 or later to remediate this security issue (Patchstack).