CVE-2015-6668
📋 TL;DR
This vulnerability in the Job Manager WordPress plugin (versions before 0.7.25) allows unauthenticated remote attackers to read CV/resume files uploaded through the plugin by guessing their predictable file names inside the WordPress uploads directory and requesting them directly over HTTP. It affects WordPress sites running a vulnerable version of the plugin and exposes whatever applicants submitted with their applications.
💻 Affected Systems
- WordPress Job Manager Plugin
📦 What is this software?
Job Manager (WordPress.org plugin slug job-manager) is a WordPress plugin for publishing job listings and accepting applications through the site, including CV/resume file uploads from applicants.
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all uploaded CV files, containing personally identifiable information (PII), resumes, contact details, and potentially sensitive employment history of every job applicant.
Likely Case
Exposure of some CV files containing applicant PII, leading to privacy violations and potential data protection regulation violations.
If Mitigated
No file access: uploaded CVs are not reachable by direct URL because they are stored outside the web root, served only through an access-checked download handler, or blocked by web server rules. Note that this is direct access to files by their real (predictable) path, not directory traversal, so traversal filters alone do not mitigate it.
🎯 Exploit Status
Exploitation requires only unauthenticated HTTP GET requests: the attacker guesses or brute-forces the predictable CV file names within the WordPress uploads directory structure. No authentication or special tooling is needed beyond a request loop, and successful guesses return the file contents directly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.7.25
Vendor Advisory: https://wordpress.org/plugins/job-manager/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Job Manager plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 0.7.25 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Restrict upload directory access
Configure the web server to deny direct HTTP access to the directory where the plugin stores CVs. The path below is illustrative; confirm where your install actually writes CV files (for example by making a test upload) before applying the rule. This also blocks legitimate direct-link downloads, so recruiters need another way to retrieve files.
# For Apache 2.2: create .htaccess in the CV upload directory containing 'Deny from all' (requires AllowOverride for that directory)
# For Apache 2.4: use 'Require all denied' instead; 'Deny from all' only works if mod_access_compat is loaded
# For Nginx: add 'location ~ ^/wp-content/uploads/job-manager-cvs/ { deny all; }' to the server block; regex locations match in order of appearance, so place it before any generic static-file location that would otherwise serve the files
Disable CV upload functionality
Temporarily disable CV file uploads in the Job Manager settings so no new files land in the predictable location. Files already uploaded remain exposed until they are moved or blocked.
🧯 If You Can't Patch
- Move existing CV files to a directory outside the web root and serve them only through a download handler that checks the requester's WordPress capability (for example an admin-only endpoint) and never builds the path from unsanitised user input.
- Add WAF or rate-limiting rules that block or throttle a single client requesting many distinct file names under the uploads directory. Directory-traversal signatures do not apply here, because the files are requested by their real paths.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Job Manager → Version number. If version is below 0.7.25, system is vulnerable.
Check Version:
# WordPress CLI: wp plugin get job-manager --field=version
# Or check the 'Version:' header of the plugin's main PHP file (or the 'Stable tag' in readme.txt) under /wp-content/plugins/job-manager/
Verify Fix Applied:
Confirm Job Manager plugin version is 0.7.25 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Bursts of requests for files under the CV upload directory (shown here as /wp-content/uploads/job-manager-cvs/; substitute your actual path) from one client, mostly answered with 404 and interleaved with occasional 200/206 hits
- Sequential or pattern-based file names in successive requests (file1.pdf, file2.pdf, etc.), typically with a scripted User-Agent and no Referer
Network Indicators:
- HTTP GET requests to predictable CV file paths that no page on the site links to
- Unusual request volume to the upload directory from a single IP, at machine-like intervals
SIEM Query:
index=web sourcetype=access_combined uri_path="/wp-content/uploads/job-manager-cvs/*" | stats count, dc(uri_path) AS distinct_files, count(eval(status="404")) AS misses, count(eval(status="200" OR status="206")) AS hits BY src_ip | where distinct_files > 10 OR misses > 20
(Splunk SPL; the upload path is illustrative and the field names follow Splunk's access_combined extraction. Tune the thresholds to the site's normal recruiter traffic.)
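For sites without a SIEM, the same enumeration check can be run directly over web server access logs. The script below is an added example written for this page, not code from the Job Manager plugin or any vendor; it assumes Apache/nginx "combined" log format and the illustrative upload path /wp-content/uploads/job-manager-cvs/ (substitute your real one). The log lines in it are constructed for the demonstration: one client walking sequential CV names with mostly 404s, one legitimate download, and an unrelated admin request.

```python
"""Flag clients enumerating the CV upload directory in web server access logs.

Added example for this advisory page; not part of the Job Manager plugin.
Assumptions (not from the original advisory): logs are in Apache/nginx
"combined" format, and CVs live under UPLOAD_PREFIX (adjust to your install).
"""
import re
from collections import defaultdict

# Assumed CV upload path; change it to the directory your site actually uses.
UPLOAD_PREFIX = "/wp-content/uploads/job-manager-cvs/"

# combined format: ip ident user [time] "METHOD path PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\S+)'
)


def parse_line(line):
    """Return a dict for a well-formed combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def enumeration_report(lines, prefix=UPLOAD_PREFIX, min_distinct=5, min_miss_ratio=0.5):
    """Per source IP: distinct CV paths requested, hits (200/206) and misses (404).

    A client is flagged when it requested at least `min_distinct` distinct file
    names under `prefix` and either most of those requests missed (brute force
    in progress) or it successfully fetched at least `min_distinct` files.
    """
    stats = defaultdict(lambda: {"paths": set(), "hits": 0, "misses": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("GET", "HEAD"):
            continue
        path = rec["path"].split("?", 1)[0]  # ignore query strings
        if not path.startswith(prefix):
            continue
        s = stats[rec["ip"]]
        s["paths"].add(path)
        if rec["status"] in (200, 206):
            s["hits"] += 1
        elif rec["status"] == 404:
            s["misses"] += 1
    report = {}
    for ip, s in stats.items():
        total = s["hits"] + s["misses"]
        miss_ratio = s["misses"] / total if total else 0.0
        flagged = len(s["paths"]) >= min_distinct and (
            miss_ratio >= min_miss_ratio or s["hits"] >= min_distinct
        )
        report[ip] = {
            "distinct": len(s["paths"]),
            "hits": s["hits"],
            "misses": s["misses"],
            "miss_ratio": round(miss_ratio, 2),
            "flagged": flagged,
        }
    return report


# Constructed sample log (not real traffic): 203.0.113.7 walks cv-1..cv-8,
# only cv-3 and cv-6 exist; 198.51.100.2 fetches one CV; 192.0.2.9 is unrelated.
_EXISTING = {3, 6}
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Aug/2015:14:03:{i:02d} +0000] '
    f'"GET {UPLOAD_PREFIX}cv-{i}.pdf HTTP/1.1" '
    f'{200 if i in _EXISTING else 404} {48211 if i in _EXISTING else 209} "-" "curl/7.43.0"'
    for i in range(1, 9)
] + [
    # POST is ignored by the detector even though it targets the same prefix
    f'203.0.113.7 - - [10/Aug/2015:14:03:09 +0000] "POST {UPLOAD_PREFIX}cv-9.pdf HTTP/1.1" 405 0 "-" "curl/7.43.0"',
    f'198.51.100.2 - - [10/Aug/2015:14:05:12 +0000] "GET {UPLOAD_PREFIX}cv-3.pdf HTTP/1.1" 200 48211 '
    '"https://example.com/wp-admin/" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Aug/2015:14:05:40 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, r in enumeration_report(SAMPLE_LOG).items():
        print(ip, r)
```

Run it against a real log with `enumeration_report(open("access.log"))`; the thresholds are deliberately low for the sample and should be raised to sit above the site's normal recruiter download volume.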