CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

Remote code execution

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

CVE-2023-1406 JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

CVE-2023-1406 JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

CVE-2023-1406

CVE-2023-1406 affects the JetEngine WordPress plugin prior to 3.1.3.1. The vulnerability arises from uploading files without sufficient checks to prevent executable content, enabling remote code execution. A fix is available: upgrade to JetEngine 3.1.3.1 or later. If upgrading is not possible, ap...

WordPress plugin JetEngine 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2023-16962 · WordPress · Jetengine

Name of the Vulnerable Software and Affected Versions: JetEngine WordPress plugin versions prior to 3.1.3.1 Description: The issue allows for remote code execution due to the plugin's failure to properly verify that uploaded files are not executable. Recommendations: For versions prior to 3.1.3.1...

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. PoC fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...

crocoblock JetEngine Cross-Site Scripting Vulnerability (CNVD-2022-05012)

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...

crocoblock JetEngine code issue vulnerability

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

Code injection

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

CVE-2021-41844

CVE-2021-41844 affects Crocoblock JetEngine (pre-2.9.1). The root cause is improper validation and sanitization of form data, enabling unauthenticated or low-privilege abuse via network access as described by the CVE records. NVD lists high/critical impact metrics (C/P/I/A partial to high) with n...

Crocoblock JetEngine 代码问题漏洞

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...

PT-2021-23429 · Crocoblock · Crocoblock Jetengine

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions prior to 2.9.1 Description: The issue arises from improper validation and sanitization of form data. Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue...

Crocoblock JetEngine 跨站脚本漏洞

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...