CVE-2025-0369

The CVE-2025-0369 issue concerns the JetEngine WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the list_tag parameter, affecting all versions up to 3.6.2, due to insufficient input sanitization and output escaping. The vulnerability can be exploited by authenticated users wit...

PT-2025-3856 · WordPress · Jetengine

Name of the Vulnerable Software and Affected Versions: JetEngine plugin for WordPress versions up to, and including, 3.6.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

WordPress Jet Engine plugin <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via listtag Parameter vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.6.2...

WordPress plugin JetEngine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48758 Patch priority High CVSS severity High 7.1 Developer Crocoblock PSID 14b80894884d Credits Rafie Muhammad Patchstack Required...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Privilege Escalation

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-48757 Patch priority Medium CVSS severity Medium 8.8 Developer Crocoblock PSID 629276ed62fc Credits Rafie Muhammad...

WordPress JetEngine Plugin <= 3.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetEngine Type Plugin Vulnerable versions = 3.2.5.1 Fixed in 3.2.5.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48762 Patch priority Low CVSS severity Low 6.3 Developer Crocoblock PSID 289af3150189 Credits Rafie Muhammad Patchstack...

WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)

Software JetEngine Type Plugin Vulnerable versions 3.1.3.1 Fixed in 3.1.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-1406 Patch priority High CVSS severity High 9.1 Developer Crocoblock PSID a91fe4278b33 Credits R3zk0n Required privilege Author Published 11...

CVE-2023-1406 JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

PT-2023-16962 · WordPress · Jetengine

Name of the Vulnerable Software and Affected Versions: JetEngine WordPress plugin versions prior to 3.1.3.1 Description: The issue allows for remote code execution due to the plugin's failure to properly verify that uploaded files are not executable. Recommendations: For versions prior to 3.1.3.1...

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. PoC fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...