CVE-2024-7761 — Cross-site Scripting in Simple JOB Board

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 75.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Presstigers Simple JOB Board

Timeline

PublishedMay 15

Description

In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDpresstigers/simple_job_board< 2.12.2

🔴Vulnerability Details

CVEList

Simple Job Board < 2.12.2 - Admin+ Stored XSS↗2025-05-15

▶

GHSA

GHSA-7vrj-wjmg-rqm2: In the process of testing the Simple Job Board WordPress plugin before 2↗2025-05-15

▶