CVE-2024-0593
Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
El complemento Simple Job Board para WordPress es vulnerable al acceso no autorizado a los datos | debido a una verificación de autorización insuficiente en la función fetch_quick_job() en todas las versiones hasta la 2.10.8 incluida. Esto hace posible que atacantes no autenticados obtengan publicaciones arbitrarias, que pueden estar protegidas con contraseña o ser privadas y contener información confidencial.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-01-16 CVE Reserved
- 2024-02-20 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Presstigers Search vendor "Presstigers" | Simple Job Board Search vendor "Presstigers" for product "Simple Job Board" | <= 2.10.8 Search vendor "Presstigers" for product "Simple Job Board" and version " <= 2.10.8" | en |
Affected
| ||||||