70 matches found
CVE-2025-49484
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...
CVE-2025-49484
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...
CVE-2025-49484 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...
CVE-2025-49484
The CVE-2025-49484 issue affects the Joomla JS Jobs plugin (versions 1.0.0–1.4.1) from Joomsky. A SQL injection is achievable through the cvid parameter in the employee application workflow, allowing low-privilege users to execute arbitrary SQL commands. The vulnerability stems from improper hand...
PT-2025-30021 · Joomla · Js Jobs Plugin
Name of the Vulnerable Software and Affected Versions: JS Jobs plugin for Joomla versions 1.0.0 through 1.4.1 Description: A SQL injection vulnerability in the JS Jobs plugin for Joomla allows low-privilege users to execute arbitrary SQL commands via the cvid parameter in the employee application...
CVE-2014-125035
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is...
WordPress Jobs for WordPress plugin <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Jobs for WordPress versions = 2.7.11...
WordPress Jobs for WordPress plugin < 2.7.11 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Jobs for WordPress versions 2.7.11...
CVE-2025-1315
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-1315
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-1315 InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-1315
CVE-2025-1315 : InWave Jobs plugin for WordPress (all versions up to 3.5.1) is vulnerable to unauthenticated privilege escalation via password reset. The root cause is improper validation of a user’s identity before updating passwords, allowing an attacker to change any user password (including a...
CVE-2025-1315 InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
VulnCheck KEV: CVE-2025-1315
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers...
CVE-2025-22208
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...
CVE-2025-22209
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...
CVE-2025-22208
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...
CVE-2025-22209
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...
CVE-2025-22208
CVE-2025-22208 affects the Joomla JS Jobs plugin (versions 1.1.5–1.4.3). The vulnerability is a SQL injection in the GDPR Erase Data Request search, exploitable by authenticated administrators via the filter_email parameter. Underlying cause is improper input handling in the SQL query used for th...
CVE-2025-22209 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...