WordPress Plugin Vulnerabilities

WP Job Manager < 1.31.3 - Phar Deserialization

Description

The WP Job Manager WordPress plugin was affected by a Phar Deserialization security vulnerability.

Affects Plugins

Plugin icon
wp-job-manager
Fixed in 1.31.3

References

URL
https://www.ripstech.com/php-security-calendar-2018/#Day21

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher
RIPS Technologies
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
382e1efb-ce01-46bd-b22f-3c681ea47ea0

Timeline

Publicly Published
2018-12-22 (about 7 years ago)
Added
2019-01-07 (about 7 years ago)
Last Updated
2021-09-21 (about 4 years ago)

Other

Published
Title
Published
2025-11-04
Title
Everest Forms (Pro) < 1.9.8 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature
Published
2024-01-30
Title
WordPress < 6.4.3 - Deserialization of Untrusted Data
Published
2025-08-23
Title
PDF for WPForms < 6.5.1 - Authenticated (Subscriber+) PHP Object Injection
Published
2026-04-20
Title
Valeska < 1.3 - Unauthenticated PHP Object Injection
Published
2025-07-08
Title
Noisa < 2.6.2 - Authenticated (Subscriber+) PHP Object Injection