WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
CVE-2023-51545
9.6 CRITICAL
Key Information:
- Vendor: WordPress
- CVE Published: 29 December 2023
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in the ThemeHigh Job Manager & Career plugin enables attackers to exploit the deserialization of untrusted data. This can lead to unauthorized actions being performed on behalf of unsuspecting users, compromising the integrity of job board listings and recruitment processes. The vulnerability affects all versions up to and including 1.4.4.
Affected Version(s)
Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)