CVE-2024-7351

7.2 HIGH

📋 TL;DR

The Simple Job Board WordPress plugin is vulnerable to PHP object injection through deserialization of untrusted input when editing job applications. This affects all versions up to 2.12.3 and requires authenticated attackers with Editor-level access or higher. While no known POP chain exists in the vulnerable software itself, if other plugins or themes provide one, exploitation could lead to arbitrary file deletion, data theft, or code execution.

💻 Affected Systems

Products:
  • Simple Job Board WordPress Plugin
Versions: All versions up to and including 2.12.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Simple Job Board plugin enabled. Vulnerability requires authenticated user with Editor role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If a POP chain is present via another plugin/theme, attackers could achieve remote code execution, delete critical files, or exfiltrate sensitive data from the WordPress installation.

🟠 Likely Case

Impact is limited because Editor-level access is required and no POP chain is known in the vulnerable software itself; the likely outcome is denial of service or limited data manipulation.

🟢 If Mitigated

With proper access controls limiting Editor roles and monitoring for suspicious activity, impact is minimal even if exploited.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires Editor-level access and depends on availability of POP chain from other installed components. No known public exploits at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.12.3

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3138348%40simple-job-board%2Ftrunk&old=3113171%40simple-job-board%2Ftrunk&sfp_email=&sfph_mail=#file12

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Simple Job Board plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Restrict Editor Role Access (platform: all)

Limit the number of users with the Editor role and review permissions regularly.

Disable Plugin Temporarily (platform: linux)

Deactivate the Simple Job Board plugin until patched:

wp plugin deactivate simple-job-board

🧯 If You Can't Patch

  • Remove Editor role from untrusted users and implement principle of least privilege
  • Monitor application logs for suspicious deserialization attempts and implement WAF rules to block PHP object injection patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Simple Job Board → Version number. If version is 2.12.3 or lower, system is vulnerable.

Check Version:

wp plugin get simple-job-board --field=version

Verify Fix Applied:

Verify plugin version is higher than 2.12.3 in WordPress admin panel and test job application editing functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual PHP deserialization errors in WordPress debug logs
  • Multiple failed authentication attempts followed by successful Editor login
  • Suspicious file operations or unexpected PHP execution

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with serialized data in parameters
  • Unusual outbound connections following job application edits

SIEM Query:

source="wordpress.log" AND ("unserialize" OR "PHP Object Injection" OR "Editor role")
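As an added detection example (not part of this advisory), the script below applies the network indicator above to constructed log lines: it parses admin-ajax.php requests, URL-decodes query and body parameters, and reports any value, raw or base64-encoded, that carries a PHP serialized object (`O:<len>:"Class":<n>:{`). It assumes a custom log format that appends the raw POST body as a final quoted field; the action names, addresses and timestamps are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (not real traffic). Assumed custom log format: combined
# log with the raw POST body as a final quoted field (standard access logs omit
# bodies). Action names and addresses are made up for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Aug/2024:12:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "action=heartbeat&data=ok"
10.0.0.7 - - [10/Aug/2024:12:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0" "action=edit_application&applicant=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bs%3A1%3A%22b%22%3B%7D"
10.0.0.9 - - [10/Aug/2024:12:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=x&p=TzoxOiJBIjowOnt9 HTTP/1.1" 200 12 "-" "curl/8.0" "-"
10.0.0.3 - - [10/Aug/2024:12:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" "(?P<body>[^"]*)"$'
)
# A PHP serialized object starts with O:<name length>:"<class>":<property count>:{
PHP_OBJECT_RE = re.compile(r'O:\d+:"([A-Za-z_\\][\w\\]*)":\d+:\{')
BASE64_RE = re.compile(r'[A-Za-z0-9+/]{8,}={0,2}')


def serialized_objects_in(value):
    """Class names of PHP objects serialized in value, raw or base64-encoded."""
    found = PHP_OBJECT_RE.findall(value)
    if not found and len(value) % 4 == 0 and BASE64_RE.fullmatch(value):
        try:
            decoded = base64.b64decode(value, validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            return found
        found = PHP_OBJECT_RE.findall(decoded)
    return found


def scan_log(text):
    """One finding per admin-ajax.php request whose parameters carry a PHP object."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not urlsplit(m["target"]).path.endswith("/wp-admin/admin-ajax.php"):
            continue  # unparseable line, or not an admin-ajax.php request
        params = parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True)
        if m["body"] != "-":
            params += parse_qsl(m["body"], keep_blank_values=True)
        hits = [(k, cls) for k, v in params for cls in serialized_objects_in(v)]
        if hits:
            findings.append({"ip": m["ip"], "method": m["method"], "hits": hits})
    return findings
```

Each finding names the parameter and the serialized class, which is the detail worth carrying into a SIEM alert or a WAF rule rather than the raw payload.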
