Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 2025/07/20 9:59 a.m.13 views

CVE-2025-49484

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...

8.7CVSS8.9AI score0.03081EPSS
Exploits1References1
NVD
NVD
added 2025/07/18 10:15 a.m.10 views

CVE-2025-49484

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...

8.7CVSS0.03081EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/18 9:51 a.m.14 views

CVE-2025-49484 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...

8.7CVSS8.2AI score0.03081EPSS
Exploits1References3
CVE
CVE
added 2025/07/18 9:51 a.m.32 views

CVE-2025-49484

The CVE-2025-49484 issue affects the Joomla JS Jobs plugin (versions 1.0.0–1.4.1) from Joomsky. A SQL injection is achievable through the cvid parameter in the employee application workflow, allowing low-privilege users to execute arbitrary SQL commands. The vulnerability stems from improper hand...

8.7CVSS8.2AI score0.03081EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.7 views

PT-2025-30021 · Joomla · Js Jobs Plugin

Name of the Vulnerable Software and Affected Versions: JS Jobs plugin for Joomla versions 1.0.0 through 1.4.1 Description: A SQL injection vulnerability in the JS Jobs plugin for Joomla allows low-privilege users to execute arbitrary SQL commands via the cvid parameter in the employee application...

8.7CVSS8.1AI score0.03081EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/22 1:30 p.m.5 views

CVE-2014-125035

A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is...

6.1CVSS6.3AI score0.00579EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/25 9:41 p.m.6 views

WordPress Jobs for WordPress plugin <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Jobs for WordPress versions = 2.7.11...

6.5CVSS7AI score0.0067EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/25 6:43 a.m.7 views

WordPress Jobs for WordPress plugin < 2.7.11 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Jobs for WordPress versions 2.7.11...

5.9CVSS6.1AI score0.00298EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/07 9:15 a.m.3 views

CVE-2025-1315

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS7.4AI score0.00464EPSS
Exploits0References2
NVD
NVD
added 2025/03/07 9:15 a.m.31 views

CVE-2025-1315

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00464EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/07 8:21 a.m.8 views

CVE-2025-1315 InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS7.8AI score0.00464EPSS
Exploits0References2
CVE
CVE
added 2025/03/07 8:21 a.m.60 views

CVE-2025-1315

CVE-2025-1315 : InWave Jobs plugin for WordPress (all versions up to 3.5.1) is vulnerable to unauthenticated privilege escalation via password reset. The root cause is improper validation of a user’s identity before updating passwords, allowing an attacker to change any user password (including a...

9.8CVSS7.8AI score0.00464EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/07 8:21 a.m.34 views

CVE-2025-1315 InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00464EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-1315

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers...

9.8CVSS5.8AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/17 8:16 a.m.7 views

CVE-2025-22208

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...

4.7CVSS8.4AI score0.00604EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/17 8:16 a.m.8 views

CVE-2025-22209

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

4.7CVSS8.4AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2025/02/15 9:15 a.m.7 views

CVE-2025-22208

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...

4.7CVSS0.00604EPSS
Exploits1References2
NVD
NVD
added 2025/02/15 9:15 a.m.7 views

CVE-2025-22209

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

4.7CVSS0.00274EPSS
Exploits1References2
CVE
CVE
added 2025/02/15 8:10 a.m.61 views

CVE-2025-22208

CVE-2025-22208 affects the Joomla JS Jobs plugin (versions 1.1.5–1.4.3). The vulnerability is a SQL injection in the GDPR Erase Data Request search, exploitable by authenticated administrators via the filter_email parameter. Underlying cause is improper input handling in the SQL query used for th...

4.7CVSS8.7AI score0.00604EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/02/15 8:10 a.m.12 views

CVE-2025-22209 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

0.00274EPSS
Exploits1References2
Rows per page
Query Builder