The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:* |
Mon, 26 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Presstigers
Presstigers simple Job Board |
|
CPEs | cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:*:*:* | |
Vendors & Products |
Presstigers
Presstigers simple Job Board |
|
Metrics |
ssvc
|
Sat, 24 Aug 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |
Title | Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection | |
Weaknesses | CWE-502 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-24T07:33:44.437Z
Updated: 2024-08-26T19:31:58.959Z
Reserved: 2024-07-31T20:36:06.329Z
Link: CVE-2024-7351
Vulnrichment
Updated: 2024-08-26T19:31:53.483Z
NVD
Status : Analyzed
Published: 2024-08-24T08:15:04.063
Modified: 2024-09-27T12:48:20.803
Link: CVE-2024-7351
Redhat
No data.