CVE-2024-0593
First published: Wed Feb 21 2024(Updated: )
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple Job Board | <2.11.0 | |
| Simple Job Board | <=2.10.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0593?
CVE-2024-0593 has a moderate severity level due to its potential for unauthorized data access.
How do I fix CVE-2024-0593?
To fix CVE-2024-0593, update the Simple Job Board plugin for WordPress to version 2.10.9 or later.
Who is affected by CVE-2024-0593?
All users of the Simple Job Board plugin for WordPress up to and including version 2.10.8 are affected by CVE-2024-0593.
What kind of attacks can be performed due to CVE-2024-0593?
CVE-2024-0593 allows unauthenticated attackers to fetch arbitrary posts, potentially exposing sensitive data.
Is CVE-2024-0593 exploitable remotely?
Yes, CVE-2024-0593 is exploitable remotely since it allows unauthorized access without authentication.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/presstigers
- canonical/simple job board
- vendor/simple job board