CVEDB API

Vulnerabilities

Vulnerable Software

Presstigers: Security Vulnerabilities

CVE-2022-25611

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].

CVSS Score

4.1

EPSS Score

0.002

Published

2022-03-25

CVE-2022-25612

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

CVSS Score

4.1

EPSS Score

0.002

Published

2022-03-25

CVE-2021-39328

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

CVSS Score

5.5

EPSS Score

0.004

Published

2021-10-21

CVE-2020-35749

Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.

CVSS Score

7.7

EPSS Score

0.768

Published

2021-01-15

CVE-2017-18498

The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search.

CVSS Score

6.1

EPSS Score

0.002

Published

2019-08-13

Page 2

Vulnerabilities

Vulnerable Software

Presstigers: Security Vulnerabilities

Products

Pricing

Contact Us