CVE-2024-7762: 
WordPress vulnerability analysis and mitigation

The Simple Job Board WordPress plugin before version 2.12.6 contains a sensitive data exposure vulnerability identified as CVE-2024-7762. The vulnerability was discovered by Dmitrii Ignatyev and publicly disclosed on May 15, 2025. This security issue affects websites using the Simple Job Board plugin for WordPress (WPScan).

The vulnerability stems from the plugin's failure to prevent directory listing of uploaded files, specifically in the job post uploads directory. The issue is classified as CWE-200 (Sensitive Data Disclosure) and has received a CVSS 3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability can be exploited by accessing the upload directory path: http://example.com/wp-content/uploads/jobpost/2024 (WPScan, NVD).

The vulnerability allows unauthenticated users to access and download resumes that have been uploaded through the Simple Job Board plugin. This represents a significant privacy concern as resumes typically contain sensitive personal information of job applicants (WPScan).

The vulnerability has been fixed in version 2.12.6 of the Simple Job Board plugin. Website administrators using affected versions should immediately update to version 2.12.6 or later to protect against unauthorized access to uploaded resumes (WPScan).