Thousands of Resumes Left Exposed on UN WordPress Site
A security researcher recently discovered a bug on one of UN’s WordPress websites which exposed thousands of applicants’ resumes from way back in 2016.
Seekurity’s Mohamed Baset said that he was able to access the submitted resumes via an improperly configured web application which was easily fixable. However, Baset said that after sending a report to firstname.lastname@example.org, he got a reply saying that the flaw did not “pertain to the United Nations Secretariat, and is for UNDP [United Nations Development Programme].” Baset then made a full public disclosure 48 hours after the UN received his disclosure but did not take any action on the matter.
Source: Bleeping Computer