CVE-2024-47636

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the Eyecix JobSearch WordPress plugin. All WordPress sites running JobSearch versions up to 2.5.9 are affected, potentially enabling complete system compromise.

💻 Affected Systems

Products:
  • Eyecix JobSearch WordPress Plugin
Versions: n/a through 2.5.9
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable JobSearch plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server takeover, data exfiltration, ransomware deployment, or website defacement.

🟠 Likely Case

Unauthenticated attackers gain administrative access to WordPress, install backdoors, or steal sensitive data.

🟢 If Mitigated

Attackers can still exploit the vulnerability, but the impact is limited by network segmentation, minimal privileges, and other security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details exist, making this easily weaponizable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.0 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'JobSearch' plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.6.0+ from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable JobSearch Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate wp-jobsearch

Web Application Firewall Rule (applies to: all)

Block requests containing serialized PHP objects targeting JobSearch endpoints.

🧯 If You Can't Patch

  • Disable the JobSearch plugin immediately.
  • Implement strict network segmentation to isolate affected WordPress instances.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > JobSearch version. If version is 2.5.9 or earlier, you are vulnerable.

Check Version:

wp plugin get wp-jobsearch --field=version

Verify Fix Applied:

Confirm JobSearch plugin version is 2.6.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to JobSearch plugin endpoints
  • PHP unserialize() errors in web server logs
  • Unexpected file uploads or modifications

Network Indicators:

  • HTTP requests containing serialized PHP objects (O: or a: patterns)
  • Traffic to known exploit paths like /wp-content/plugins/wp-jobsearch/

SIEM Query:

source="web_logs" AND (uri="*wp-jobsearch*" AND (data="*O:*" OR data="*a:*"))
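The SIEM query above matches any request to a wp-jobsearch URI whose data contains `O:` or `a:`, which is a broad net: `a:` also appears in ordinary serialized arrays and in unrelated text, so it will page on benign traffic. The following script is an added example (not part of this advisory or the plugin) showing how a defender can triage web-log events with the same indicators but with two confidence levels: a full PHP object header (`O:<len>:"<Class>":<n>:{`) is treated as high confidence, a bare array header (`a:<n>:{`) as low confidence. The event format, the endpoint file name `example-endpoint.php`, and all addresses and payloads are constructed for the demonstration; only the `/wp-content/plugins/wp-jobsearch/` path comes from the advisory.

```python
import re
from typing import Optional
from urllib.parse import unquote_plus

# High confidence: a PHP serialized object header  O:<len>:"<ClassName>":<fields>:{
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z0-9_\\]+":\d+:\{')
# Low confidence: a PHP serialized array header  a:<count>:{  (benign form data can contain this)
PHP_ARRAY_RE = re.compile(r'a:\d+:\{')
# Requests aimed at the plugin path named in the advisory.
PLUGIN_PATH_RE = re.compile(r'/wp-content/plugins/wp-jobsearch/', re.IGNORECASE)


def php_serialized_markers(data: str) -> Optional[str]:
    """Return 'high' for a serialized PHP object, 'low' for a serialized array, else None.

    The text is checked both raw and after one round of URL decoding, because
    form posts usually arrive percent-encoded (O%3A8%3A%22... instead of O:8:"...).
    """
    candidates = {data, unquote_plus(data)}
    if any(PHP_OBJECT_RE.search(text) for text in candidates):
        return "high"
    if any(PHP_ARRAY_RE.search(text) for text in candidates):
        return "low"
    return None


def classify(event: dict) -> Optional[dict]:
    """Flag an HTTP event that targets the plugin path and carries serialized PHP data."""
    uri = event.get("uri", "")
    if not PLUGIN_PATH_RE.search(uri):
        return None
    # The query string and the body are both possible carriers, so scan both.
    confidence = php_serialized_markers(uri + "\n" + event.get("data", ""))
    if confidence is None:
        return None
    return {"src": event["src"], "uri": uri, "confidence": confidence}


def scan(events) -> list:
    """Run classify() over a sequence of SIEM-style events and keep the hits."""
    return [hit for hit in map(classify, events) if hit is not None]


# Constructed sample events (fields as a SIEM would present them; not real traffic).
SAMPLE_EVENTS = [
    # Percent-encoded serialized stdClass object posted to a constructed plugin endpoint.
    {"src": "203.0.113.10", "method": "POST",
     "uri": "/wp-content/plugins/wp-jobsearch/example-endpoint.php",
     "data": "field=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22k%22%3Bs%3A1%3A%22v%22%3B%7D"},
    # Serialized array only: worth a look, but common in benign traffic.
    {"src": "203.0.113.11", "method": "POST",
     "uri": "/wp-content/plugins/wp-jobsearch/example-endpoint.php",
     "data": 'field=a:1:{s:1:"k";s:1:"v";}'},
    # Static asset fetch from the plugin directory.
    {"src": "198.51.100.5", "method": "GET",
     "uri": "/wp-content/plugins/wp-jobsearch/css/style.css", "data": ""},
    # Ordinary form submission to the plugin.
    {"src": "198.51.100.6", "method": "POST",
     "uri": "/wp-content/plugins/wp-jobsearch/example-endpoint.php",
     "data": "name=Alice&email=alice%40example.com"},
    # Serialized object sent elsewhere: outside this plugin-scoped rule.
    {"src": "203.0.113.12", "method": "POST",
     "uri": "/wp-login.php",
     "data": 'log=O:8:"stdClass":0:{}'},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Running the script reports two hits: the percent-encoded object post at high confidence and the array post at low confidence; the asset fetch and the plain form post are ignored. Keeping the object and array patterns separate lets the low-confidence matches go to a review queue instead of an alert, and decoding before matching catches payloads that the literal `*O:*` wildcard would miss when they arrive percent-encoded.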
