Joomsky Js Job Manager vulnerabilities
11 known vulnerabilities affecting joomsky/js_job_manager.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2025-32660P2CRITICALCVSS 9.8≤ 2.0.22025-04-17
CVE-2025-32660 [CRITICAL] CWE-434 CVE-2025-32660: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allo
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2025-32626P2CRITICALCVSS 9.8≤ 2.0.22025-04-17
CVE-2025-32626 [CRITICAL] CWE-89 CVE-2025-32626: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2025-32146P3HIGHCVSS 8.8≤ 2.0.22025-04-04
CVE-2025-32146 [HIGH] CWE-98 CVE-2025-32146: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2025-32627P3HIGHCVSS 8.1≤ 2.0.22025-04-11
CVE-2025-32627 [HIGH] CWE-98 CVE-2025-32627: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2023-28689P3MEDIUMCVSS 6.5fixed in 2.0.1≥ n/a, ≤ 2.0.02024-12-09
CVE-2023-28689 [MEDIUM] CWE-862 CVE-2023-28689: Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configur
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
nvd
CVE-2023-31087P3HIGHCVSS 8.8fixed in 2.0.1≥ n/a, ≤ 2.0.02023-11-09
CVE-2023-31087 [HIGH] CWE-352 CVE-2023-31087: Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
nvd
CVE-2018-20974P4HIGHCVSS 8.8fixed in 1.0.72019-08-16
CVE-2018-20974 [HIGH] CWE-352 CVE-2018-20974: The js-jobs plugin before 1.0.7 for WordPress has CSRF.
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
nvd
CVE-2025-31867P4MEDIUMCVSS 5.4≤ 2.0.22025-04-01
CVE-2025-31867 [MEDIUM] CWE-639 CVE-2025-31867: Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs all
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2025-31868P4MEDIUMCVSS 5.3≤ 2.0.22025-04-01
CVE-2025-31868 [MEDIUM] CWE-862 CVE-2025-31868: Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2025-58234P4MEDIUMCVSS 5.4≤ 2.0.22025-09-22
CVE-2025-58234 [MEDIUM] CWE-79 CVE-2025-58234: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a through <= 2.0.2.
nvd
CVE-2023-25963P4MEDIUMCVSS 4.8≤ 2.0.0≥ n/a, ≤ 2.0.02023-06-16
CVE-2023-25963 [MEDIUM] CWE-79 CVE-2023-25963: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
nvd