vulnerability

WordPress Theme: noo-jobmonster: CVE-2022-1166: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Sep 11, 2020	Dec 8, 2025	Dec 8, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 11, 2020

Added

Dec 8, 2025

Modified

Dec 8, 2025

Description

The Noo JobMonster theme is vulnerable to Sensitive Information Disclosure via Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file in versions up to, and including 4.6.6. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.

Solution

noo-jobmonster-theme-cve-2022-1166

References

URL-https://www.cve.org/CVERecord?id=CVE-2022-1166
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/07eec594-6c46-4df0-92f1-f090e510d79d?source=api-prod
CVE-2022-1166
https://attackerkb.com/topics/CVE-2022-1166
CWE-22

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today