11 matches found
CVE-2024-1813
CVE-2024-1813 – Simple Job Board (WordPress) is a PHP Object Injection vulnerability in all versions up to 2.11.0, caused by deserialization of untrusted input in job_board_applicant_list_columns_value. It allows unauthenticated attackers to inject a PHP object; with a POP chain from another plug...
CVE-2023-47188
CVE-2023-47188 affects the WordPress plugin Simple Job Board (versions
CVE-2022-2558
The CVE-2022-2558 issue affects the WordPress plugin Simple Job Board prior to version 2.10.0 . The vulnerability is a directory listing disclosure that allows public access to uploaded resumes in certain configurations. Affected component is the plugin’s file handling in those configurations, en...
CVE-2024-0593
The CVE pertains to the WordPress plugin Simple Job Board . It reports insufficient authorization checks in the function fetch_quick_job() affecting all versions up to and including 2.10.8 , allowing unauthenticated attackers to fetch arbitrary (potentially password‑protected or private) posts co...
CVE-2017-18498
The CVE affects the WordPress Simple Job Board plugin. Affected version range: before 2.4.4 (reported as before 2.4.4; other sources suggest
CVE-2024-7351
CVE-2024-7351 affects the WordPress plugin “Simple Job Board” (versions up to and including 2.12.3). The vulnerability is a PHP Object Injection via deserialization of untrusted input when updating job applications, exploitable by authenticated users with Editor+ privileges. The initial disclosur...
CVE-2023-52122
CVE-2023-52122 is a CSRF vulnerability in the WordPress plugin Simple Job Board (affected: Simple Job Board
CVE-2021-39328
The WordPress plugin Simple Job Board is affected by CVE-2021-39328: an authenticated stored XSS in versions up to 2.9.4 caused by insufficient escaping of the $job_board_privacy_policy_label in privacy settings (class-simple-job-board-settings-privacy.php). An attacker with administrative access...
CVE-2023-29440
CVE-2023-29440 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Simple Job Board (PressTigers) versions <= 2.10.3. The issue is triggered by unauthenticated CSRF actions (sjb_save_settings_section) that could permit state-changing requests without user intent, as documente...
CVE-2024-7761
CVE-2024-7761 affects the WordPress Simple Job Board plugin prior to version 2.12.2. The vulnerability is a Stored XSS that can be executed via the editor/admin interface by embedding a malicious script, potentially enabling an account takeover backdoor. Affected product: Simple Job Board WordPre...
CVE-2024-7762
CVE-2024-7762 affects the WordPress plugin Simple Job Board (versions prior to 2.12.6). The vulnerability arises because the plugin does not prevent listing of uploaded files, allowing unauthenticated users to access and download uploaded resumes. Impact is limited to unauthorized disclosure of u...