A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
https://joomsky.com/js-jobs-joomla/
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209