potentially serious data security issue

Ticket for: Job Board Manager
potentially serious data security issue 1
Oct 20, 2020 05:19 AM 1 Answers
Member Since Jan 1970
Unsolved Solved Mark as Solved Mark as Unsolved
Subscribed Subscribe Not subscribe

Hi - I have a client who had a site built by another party and is using your Job Board Manager plugin tied into their website.

I was resolving some issues for them today and I noticed that the submitted jobs has a default option for published/draft/private, but if someone applies, that immediately gets published to the website with an auto-generated URL that includes the application number.

If someone applied and wanted to see the application before them for the same job - all they have to do is go to the URL that was sent to them in the confirmation email and then just change the application number one back (8785 to 8784 and then on) and look at all the people who have applied to any jobs.

This is a major concern and has us discussing changing plugins to another platform. Is this something that's been addressed or is being addressed in upcoming updates?

If so, what's the roadmap so we can plan our risk mitigation? My client is involved in the legal field and can't afford an incident!

I'll share the website details in a private email reply as needed.

0 Subscribers
Submit Answer
Please login to submit answer.
1 Answers
Sort By:
Best Answer
potentially serious data security issue 2
Oct 20, 2020

Welcome to our forum.

Thanks for your report, i will check our plugin tomorrow and update soon. if possible please send me video walkthrough to regenerate errors.


Sign in to Reply
Replying as Submit