cleantalk
Vulnerabilities and Security Researches

Simple Job Board, CVE-2021-39328

CVE, Research URL

CVE-2021-39328

Home page URL

Security reports for Simple Job Board

Application

Simple Job Board

Published on
Oct 22, 2021
Research Description
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Affected versions
max 2.9.5.
Status
vulnerable
Previous vulnerability researches
Simple Job Board (CVE-2023-29440) , Jun 06, 2024
Simple Job Board (CVE-2021-39328) , Jun 06, 2024
Simple Job Board (CVE-2023-52122) , Jun 06, 2024
Simple Job Board (CVE-2022-2558) , Jun 06, 2024
Simple Job Board (CVE-2020-35749) , Jun 06, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025