High severity7.5NVD Advisory· Published Oct 19, 2017· Updated May 13, 2026

CVE-2015-6668

Description

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.

Affected products

Wp Jobmanager/Job Manager
cpe:2.3:a:wp-jobmanager:job_manager:*:*:*:*:*:wordpress:*:*
Range: <=0.7.24

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/nvdExploitTechnical DescriptionThird Party Advisory
wpvulndb.com/vulnerabilities/8167nvdExploitThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.067
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000