CVE-2024-1813

CRITICAL LAB

Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via job_board_applicant_list_columns_value


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-1813. PoCs published by MobetaSec.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-1813, demonstrating unauthenticated PHP object injection in Simple Job Board <= 2.11.0. The PoC stores a serialized payload via the public application form and triggers RCE when an admin views the applicants list.

Description

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed.

Exploits (1)

github WORKING POC
by MobetaSec · python · poc
https://github.com/MobetaSec/CVE-2024-1813-POC


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Simple Job Board (WordPress plugin) <= 2.11.0
No auth needed
Prerequisites: All In One SEO plugin (for Monolog gadget chain) · Admin interaction to trigger payload
devstral-2 · analyzed Jun 18, 2026

Scores

CVSS v3 9.8
EPSS 0.0111
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

Community Lab
docker pull wordpress:6.9.4-php8.3-apache
docker pull wordpress:cli

Details

CWE CWE-502
Status published
Products (2)
presstigers/Simple Job Board < 2.11.0
presstigers/simple_job_board < 2.11.1
Published Apr 09, 2024
Tracked Since Feb 18, 2026