Lucene search
K

93 matches found

NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-13459

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/02 8:33 a.m.8 views

EUVD-2026-41263

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.38 views

CVE-2026-13459 JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
CVE
CVE
added 2026/07/02 8:33 a.m.17 views

CVE-2026-13459

JetFormBuilder for WordPress (Dynamic Blocks Form Builder) is affected up to version 3.6.3 due to an authorization bypass in the get_from_db generator. Unauthenticated attackers can retrieve distinct values stored in wp_postmeta (including Woocommerce PII like _billing_email, _billing_phone, and ...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/07/01 7:57 p.m.6 views

WordPress JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin JetFormBuilder versions = 3.6.3...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37637

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS5.2AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37636

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54195

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.33 views

CVE-2026-54196 WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.28 views

CVE-2026-54196

Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.

6.8CVSS5.2AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-54195 WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.25 views

CVE-2026-54195

CVE-2026-54195 affects the WordPress JetFormBuilder plugin older than or equal to 3.6.0.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVSS-3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-exposed issue that requires user interaction and h...

7.1CVSS5.1AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.6 views

CVE-2026-32525

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

9.9CVSS5.8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.3 views

CVE-2026-4373

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.10 views

EUVD-2026-15889

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

9.9CVSS5.8AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.8 views

CVE-2026-32525

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

9.9CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.13 views

CVE-2026-32525

JetFormBuilder WordPress plugin versions

9.9CVSS5.8AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.26 views

CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

9.9CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.4 views

CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

5.8AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder