JoomSky — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting JoomSky. AI-powered Chinese analysis, POCs, and references for each vulnerability.

JoomSky operates as a provider of enterprise resource planning and customer relationship management solutions, primarily targeting small to medium-sized businesses seeking integrated operational tools. Security audits have identified twenty confirmed Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a persistent pattern of implementation flaws. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. Privilege escalation issues further compound these risks, allowing unauthorized users to gain administrative access. While specific major public breaches have not been widely documented in mainstream media, the high volume of CVEs suggests systemic weaknesses in the codebase’s security architecture. Organizations utilizing JoomSky must prioritize rigorous patch management and continuous vulnerability scanning to mitigate these known exposure vectors and prevent potential data compromise.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32534 | WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability | JS Help Desk | CWE-89 | 8.5 | High | 2026-03-25 |
| CVE-2026-32535 | WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability | JS Help Desk | CWE-639 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-24959 | WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability | JS Help Desk | CWE-89 | 8.5 | High | 2026-02-20 |
| CVE-2025-58234 | WordPress JS Job Manager Plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability | JS Job Manager | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-32626 | WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability | JS Job Manager | CWE-89 | 9.3 | Critical | 2025-04-17 |
| CVE-2025-32660 | WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability | JS Job Manager | CWE-434 | 10.0 | Critical | 2025-04-17 |
| CVE-2025-32627 | WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability | JS Job Manager | CWE-98 | 8.1 | High | 2025-04-11 |
| CVE-2025-32146 | WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability | JS Job Manager | CWE-98 | 8.8 | High | 2025-04-04 |
| CVE-2025-31868 | WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability | JS Job Manager | CWE-862 | 5.3 | Medium | 2025-04-01 |
| CVE-2025-31867 | WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability | JS Job Manager | CWE-639 | 5.4 | Medium | 2025-04-01 |
| CVE-2025-30901 | WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability | JS Help Desk | CWE-98 | 8.1 | High | 2025-04-01 |
| CVE-2025-30880 | WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability | JS Help Desk | CWE-862 | 7.5 | High | 2025-04-01 |
| CVE-2025-30886 | WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability | JS Help Desk | CWE-89 | 9.3 | Critical | 2025-04-01 |
| CVE-2025-30882 | WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability | JS Help Desk | CWE-22 | 7.5 | High | 2025-04-01 |
| CVE-2025-30878 | WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability | JS Help Desk | CWE-22 | 8.6 | High | 2025-04-01 |
| CVE-2025-25109 | WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability | WP Vehicle Manager | CWE-98 | 8.1 | High | 2025-03-03 |
| CVE-2023-28689 | WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability | JS Job Manager | CWE-862 | 6.5 | Medium | 2024-12-09 |
| CVE-2024-51670 | WordPress JS Help Desk plugin <= 2.8.7 - Stored Cross Site Scripting (XSS) vulnerability | JS Help Desk | CWE-79 | 5.9 | Medium | 2024-11-09 |
| CVE-2023-31087 | WordPress JS Job Manager Plugin <=2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | JS Job Manager | CWE-352 | 5.4 | Medium | 2023-11-09 |
| CVE-2023-25963 | WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | JS Job Manager | CWE-79 | 5.9 | Medium | 2023-06-16 |

This page lists every published CVE security advisory associated with JoomSky. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.