CVE-2024-7351 – Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-7351
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3138348%40simple-job-board%2Ftrunk&old=3113171%40simple-job-board%2Ftrunk&sfp_email=&sfph_mail=#file12 https://www.wordfence.com/threat-intel/vulnerabilities/id/ba6312b9-1b66-4b4f-a78d-515fa4aab63b?source=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-1813 – Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields
https://notcve.org/view.php?id=CVE-2024-1813
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed. El complemento Simple Job Board para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 2.11.0 incluida a través de la deserialización de entradas que no son de confianza en la función job_board_applicant_list_columns_value. Esto hace posible que atacantes no autenticados inyecten un objeto PHP. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-0593 – Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0593
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. El complemento Simple Job Board para WordPress es vulnerable al acceso no autorizado a los datos | debido a una verificación de autorización insuficiente en la función fetch_quick_job() en todas las versiones hasta la 2.10.8 incluida. Esto hace posible que atacantes no autenticados obtengan publicaciones arbitrarias, que pueden estar protegidas con contraseña o ser privadas y contener información confidencial. • https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve • CWE-862: Missing Authorization •
CVE-2023-52122 – WordPress Simple Job Board Plugin <= 2.10.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52122
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en PressTigers Simple Job Board. Este problema afecta a Simple Job Board: desde n/a hasta 2.10.6. The Simple Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.6. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-48283 – WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48283
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en PressTigers Simple Testimonials Showcase permite Cross Site Request Forgery. Este problema afecta a Simple Testimonials Showcase: desde n/a hasta 1.1.5. The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the sts_save_settings() function. • https://patchstack.com/database/vulnerability/simple-testimonials-showcase/wordpress-simple-testimonials-showcase-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •