CVE-2023-52122: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in PressTigers Simple Job Board WordPress plugin, affecting all versions up to and including 2.10.6. The vulnerability was reported on December 28, 2023, by security researcher Brandon James Roldan (Patchstack, WPScan).

The vulnerability stems from missing or incorrect nonce validation on an unknown function within the Simple Job Board plugin. The severity of this vulnerability has been assessed with varying CVSS scores: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into clicking malicious links. However, the specific impact of these actions remains undisclosed (WPScan).

The vulnerability has been fixed in version 2.10.7 of the Simple Job Board plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).