CVSS: 7.7EPSS: 39%CPEs: 1EXPL: 6CVE-2020-35749 – Simple Job Board <= 2.9.3 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2020-35749
15 Jan 2021 — Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. Una vulnerabilidad de salto de directorio en el archivo class-simple_job_board_resume_download_handler.php en el plugin Simple Board Job versiones 2.9.3 y anteriores para WordPress, permite a atacantes remotos leer archivos arbitrarios por medio del parámetro sjb_... • https://www.exploit-db.com/exploits/49450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18498 – Simple Job Board <= 2.4.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18498
19 Apr 2017 — The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. El complemento the simple-job-board anterior de 2.4.4 para WordPress ha reflejado XSS a través de la búsqueda de palabras clave. • https://wordpress.org/plugins/simple-job-board/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •