93 matches found
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-28039
Name of the Vulnerable Software and Affected Versions JetFormBuilder versions through 3.5.6.1 Description A code injection issue exists in JetFormBuilder. The flaw resides in improper control of code generation, potentially allowing for code injection. The vulnerability could allow an attacker to...
WordPress JetFormBuilder plugin <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field vulnerability
Unauthenticated Arbitrary File Read via Media Field vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.2...
WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.1...
EUVD-2026-14240
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder WordPress plugin is affected by CVE-2026-4373: all versions up to 3.5.6.2 allow unauthenticated arbitrary file read via path traversal. This stems from Uploaded_File::set_from_array accepting user-supplied paths from the Media Field JSON without ensuring the path is within Word...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability
Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions = 3.5.3...
CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
EUVD-2025-203523
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
CVE-2025-11991
CVE-2025-11991 : JetFormBuilder — Dynamic Blocks Form Builder for WordPress suffers unauthenticated data modification due to a missing capability check in run_callback in all versions up to 3.5.3, allowing unauthenticated form generation that can consume the site’s AI usage limits. A patch exists...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-51376
Name of the Vulnerable Software and Affected Versions JetFormBuilder versions up to and including 3.5.3 Description The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the run callback functi...
WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin JetFormBuilder versions = 3.5.3...
CVE-2025-64384
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through = 3.5.3...