Simple Job Board < 2.11.0 – Missing Authorization to Unauthenticated Information Disclosure | CVE 2024-0593 | Plugin Vulnerabilities

Description

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.

Affects Plugins

simple-job-board

Fixed in 2.11.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

bece29f1-3b78-4dee-90a1-68d989af59a2

Timeline

Publicly Published

2024-02-20 (about 2 years ago)

Added

2024-02-20 (about 2 years ago)

Last Updated

2024-02-20 (about 2 years ago)

Other

Published

Title

Published

2025-12-20

Title

Editorial Calendar < 3.8.9 - Missing Authorization

Published

2025-12-15

Title

WCFM Marketplace <= 3.6.17 - Missing Authorization

Published

2025-10-16

Title

HomeLancer < 1.0.2 - Missing Authorization

Published

2024-08-07

Title

Waitlist Woocommerce ( Back in stock notifier ) < 2.6.1 - Missing Authorization

Published

2024-09-25

Title

Fluent Support < 1.8.1 - Insufficient Authorization on Email Verification