CVE-2024-47636 — Deserialization of Untrusted Data in Jobsearch

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eyecix Jobsearch Eyecix Jobsearch WP JOB Board

Timeline

PublishedOct 10

Description

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5eyecix/jobsearch2.5.9

▶NVDeyecix/jobsearch_wp_job_board2.5.9

🔴Vulnerability Details

CVEList

WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability↗2024-10-10

▶

GHSA

GHSA-w54v-m42x-2pxm: Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection↗2024-10-10

▶