93 matches found
CVE-2026-13459
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-41263
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-13459 JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-13459
JetFormBuilder for WordPress (Dynamic Blocks Form Builder) is affected up to version 3.6.3 due to an authorization bypass in the get_from_db generator. Unauthenticated attackers can retrieve distinct values stored in wp_postmeta (including Woocommerce PII like _billing_email, _billing_phone, and ...
WordPress JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin JetFormBuilder versions = 3.6.3...
EUVD-2026-37637
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
EUVD-2026-37636
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54195
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54196
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-54196 WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-54196
Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.
CVE-2026-54195 WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54195
CVE-2026-54195 affects the WordPress JetFormBuilder plugin older than or equal to 3.6.0.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVSS-3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-exposed issue that requires user interaction and h...
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
EUVD-2026-15889
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
JetFormBuilder WordPress plugin versions
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...