PT-2025-4390 · Joomla · Js Jobs Plugin

Adam Wallwork · Published 2025-02-04 · Updated 2025-06-04 · CVE-2025-22206

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

JS Jobs plugin versions 1.1.5 through 1.4.2 for Joomla

Description

A SQL injection issue allows authenticated attackers, specifically administrators, to execute arbitrary SQL commands. This is achieved via the fieldfor parameter in the GDPR Field feature.

Recommendations

For JS Jobs plugin versions 1.1.5 through 1.4.2, consider disabling the GDPR Field feature until a patch is available to prevent exploitation of the SQL injection vulnerability. Restrict access to the fieldfor parameter to minimize the risk of arbitrary SQL command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-22206

Affected Products

Js Jobs Plugin