11 matches found
CVE-2018-20974
CVE-2018-20974 affects the WordPress plugin js-jobs (JS Job Manager) prior to version 1.0.7. The root cause is CSRF due to insufficient verification of trusted-user requests, enabling forgery of cross-site actions. Impact details are limited to what is stated in the sources (CSRF with potential f...
CVE-2023-28689
CVE-2023-28689 : WordPress plugin JS Job Manager (versions
CVE-2025-32660
CVE-2025-32660 : WordPress JS Job Manager plugin versions n/a–2.0.2 is vulnerable to Unrestricted Upload of File with Dangerous Type, enabling an attacker to upload a Web Shell to the server. Root cause: improper validation of uploaded file types allows arbitrary file uploads. Current references ...
CVE-2025-32146
CVE-2025-32146 affects the WordPress plugin JS Job Manager (affected: v2.0.2 and earlier). The issue is an improper control of filename for PHP include/require, enabling PHP Local File Inclusion (and described as PHP Remote File Inclusion) with an authenticated attacker (Contributor+) to exploit....
CVE-2025-32626
CVE-2025-32626 is a SQL Injection vulnerability in WordPress JS Job Manager (affected: versions up to 2.0.2) due to improper neutralization of special elements in SQL commands. Exploitation could lead to unauthorized data access and modification (high impact on confidentiality and integrity; avai...
CVE-2025-31868
CVE-2025-31868: Missing Authorization in the WordPress plugin JS Job Manager (JS Job Manager) allows an authenticated attacker (Contributor+ level) to exploit Local File Inclusion in versions up to 2.0.2. The vulnerability affects the plugin and is tracked publicly under CVE-2025-31868. Exploitat...
CVE-2025-32627
CVE-2025-32627 affects the WordPress plugin JS Job Manager (JS Job Manager) up to version 2.0.2. It is an Unauthenticated Local File Inclusion vulnerability in the PHP include/require handling, enabling an attacker to influence file inclusion without authentication. The CVE entry indicates an imp...
CVE-2023-25963
CVE-2023-25963 affects the WordPress plugin JS Job Manager (versions
CVE-2023-31087
CVE-2023-31087 – JoomSky JS Job Manager (WordPress) CSRF vulnerability in versions 2.0.0, specifically 2.0.1 per PatchStack, to mitigate. Impact is described variably across sources; Wordfence lists CSRF via multiple functions and patch status as Patched, while CVSS scales differ between sources...
CVE-2025-31867
CVE-2025-31867 concerns the WordPress plugin JS Job Manager . Connected material provides concrete detail for the same plugin: “JS Job Manager <= 2.0.2 – Authenticated (Contributor+) Local File Inclusion” (CVE-2025-32146). This confirms a Local File Inclusion vulnerability in JS Job Manager wh...
CVE-2025-58234
CVE-2025-58234 is a Stored XSS vulnerability in the WordPress plugin JS Job Manager. Connected sources identify the affected component as JS Job Manager and specify vulnerability type as Stored Cross-Site Scripting, affecting versions up to and including 2.0.2. The Wordfence report lists CVSS v3....