CVE-2024-0593

2024-02-2106:47:56

Wordfence

github.com

wordpress

job board

authorization

vulnerability

data access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

JSON

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.

CNA Affected

[
  {
    "vendor": "presstigers",
    "product": "Simple Job Board",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.10.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]