Vulnerabilities > Presstigers
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-52122 | Cross-Site Request Forgery (CSRF) vulnerability in Presstigers Simple JOB Board Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | 8.8 |
| 2023-11-30 | CVE-2023-48283 | Cross-Site Request Forgery (CSRF) vulnerability in Presstigers Simple Testimonials Showcase Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. | 8.8 |
| 2023-11-10 | CVE-2023-29440 | Cross-Site Request Forgery (CSRF) vulnerability in Presstigers Simple JOB Board Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | 8.8 |
| 2022-03-25 | CVE-2022-25611 | Cross-site Scripting vulnerability in Presstigers Simple Event Planner Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 3.5 |
| 2022-03-25 | CVE-2022-25612 | Cross-site Scripting vulnerability in Presstigers Simple Event Planner Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | 3.5 |
| 2021-10-21 | CVE-2021-39328 | Cross-site Scripting vulnerability in Presstigers Simple JOB Board The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. | 3.5 |
| 2021-01-15 | CVE-2020-35749 | Path Traversal vulnerability in Presstigers Simple Board JOB Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | 4.0 |
| 2019-08-13 | CVE-2017-18498 | Cross-site Scripting vulnerability in Presstigers Simple JOB Board The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. | 4.3 |