Lucene search
K

93 matches found

CNNVD
CNNVD
added 2026/03/25 12:0 a.m.5 views

WordPress plugin JetFormBuilder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.9CVSS5.9AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.8 views

PT-2026-28039

Name of the Vulnerable Software and Affected Versions JetFormBuilder versions through 3.5.6.1 Description A code injection issue exists in JetFormBuilder. The flaw resides in improper control of code generation, potentially allowing for code injection. The vulnerability could allow an attacker to...

9.9CVSS5.9AI score0.00294EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/24 10:43 a.m.10 views

WordPress JetFormBuilder plugin <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field vulnerability

Unauthenticated Arbitrary File Read via Media Field vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.2...

7.5CVSS5.8AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 2:56 p.m.7 views

WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.1...

9.9CVSS5.9AI score0.00294EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/21 9:31 a.m.6 views

EUVD-2026-14240

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 7:16 a.m.9 views

CVE-2026-4373

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS0.00397EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 6:45 a.m.34 views

CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS0.00397EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 6:45 a.m.26 views

CVE-2026-4373

The JetFormBuilder WordPress plugin is affected by CVE-2026-4373: all versions up to 3.5.6.2 allow unauthenticated arbitrary file read via path traversal. This stems from Uploaded_File::set_from_array accepting user-supplied paths from the Media Field JSON without ensuring the path is within Word...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 6:45 a.m.6 views

CVE-2026-4373

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/21 6:45 a.m.3 views

CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

WordPress plugin JetFormBuilder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability

Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions = 3.5.3...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/16 7:21 a.m.3 views

CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3CVSS5AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 7:21 a.m.34 views

CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3CVSS0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 7:21 a.m.5 views

EUVD-2025-203523

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3CVSS4.9AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2025/12/16 7:21 a.m.16 views

CVE-2025-11991

CVE-2025-11991 : JetFormBuilder — Dynamic Blocks Form Builder for WordPress suffers unauthenticated data modification due to a missing capability check in run_callback in all versions up to 3.5.3, allowing unauthenticated form generation that can consume the site’s AI usage limits. A patch exists...

5.3CVSS5AI score0.00189EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WordPress plugin JetFormBuilder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51376

Name of the Vulnerable Software and Affected Versions JetFormBuilder versions up to and including 3.5.3 Description The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the run callback functi...

5.3CVSS6.2AI score0.00189EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/29 12:35 p.m.6 views

WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin JetFormBuilder versions = 3.5.3...

6.3CVSS6.7AI score0.00232EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/14 10:11 a.m.7 views

CVE-2025-64384

Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through = 3.5.3...

5.3CVSS7AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder