cleantalk
Vulnerabilities and Security Researches

JS Job Manager, 4e1f7d7c-f78d-4e4d-be5c-01af042026b8

CVE, Research URL

4e1f7d7c-f78d-4e4d-be5c-01af042026b8

Home page URL

Security reports for JS Job Manager

Application

JS Job Manager

Published on
-
Research Description
JS Job Manager [js-jobs] < 1.1.9 JS Job Manager &lt; 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation The jsjobs_ajax AJAX action of the plugin available to both authenticated and unauthenticated users does not have proper authorisation and CSRF checks, in particular when using the installPluginFromAjax and activatePluginFromAjax, which could allow unauthenticated attackers to install arbitrary plugins from the WordPress repository, and active them (with some limitation).
Affected versions
max 1.1.9.
Status
vulnerable
Previous vulnerability researches
Multiple Roles per User (CVE-2025-11620) , Dec 11, 2025
HM Multiple Roles (CVE-2022-4974) , Nov 15, 2024
HM Multiple Roles (e0ced8390daf806f54b9f4a1542719af14d54b4a) , Jun 16, 2026
HM Multiple Roles (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
HM Multiple Roles (661d3ede59a4c35b13b428b41eac91ad993f33cf) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026