80 matches found
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
EUVD-2026-15889
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
JetFormBuilder WordPress plugin versions
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-28039
Name of the Vulnerable Software and Affected Versions JetFormBuilder versions through 3.5.6.1 Description A code injection issue exists in JetFormBuilder. The flaw resides in improper control of code generation, potentially allowing for code injection. The vulnerability could allow an attacker to...
WordPress JetFormBuilder plugin <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field vulnerability
Unauthenticated Arbitrary File Read via Media Field vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.2...
WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.1...
EUVD-2026-14240
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder WordPress plugin is affected by CVE-2026-4373: all versions up to 3.5.6.2 allow unauthenticated arbitrary file read via path traversal. This stems from Uploaded_File::set_from_array accepting user-supplied paths from the Media Field JSON without ensuring the path is within Word...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability
Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions = 3.5.3...
CVE-2025-11991
CVE-2025-11991 : JetFormBuilder — Dynamic Blocks Form Builder for WordPress suffers unauthenticated data modification due to a missing capability check in run_callback in all versions up to 3.5.3, allowing unauthenticated form generation that can consume the site’s AI usage limits. A patch exists...