Critical severity9.8NVD Advisory· Published Apr 9, 2024· Updated Apr 8, 2026

CVE-2024-1813

Description

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed.

Affected products

Presstigers/Simple Job Board
cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:*
Range: <2.11.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45cnvdThird Party Advisory
plugins.trac.wordpress.org/changesetnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000