93 matches found
CVE-2023-48763
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4...
CVE-2023-33212
Cross-Site Request Forgery CSRF vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin = 3.0.6 versions...
CVE-2023-37866
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8...
CVE-2024-7291
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as...
WordPress JetFormBuilder plugin <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation vulnerability
Authenticated Administrator+ Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin JetFormBuilder versions = 3.3.4.1...
WordPress JetFormBuilder Plugin <= 3.3.4.1 is vulnerable to Privilege Escalation
Software JetFormBuilder Type Plugin Vulnerable versions = 3.3.4.1 Fixed in 3.3.4.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-7291 Patch priority Low CVSS severity Low 7.2 Developer Crocoblock PSID 30c9168f58bb Credits István Márto...
CVE-2024-7291
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as...
CVE-2024-7291 JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as...
CVE-2024-7291 JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as...
CVE-2024-7291
The CVE-2024-7291 entry concerns JetFormBuilder for WordPress. It describes an authenticated privilege-escalation flaw in versions up to and including 3.3.4.1 caused by improper restriction on user meta fields, enabling an administrator+ on multi-site installations to register as a super-admin. C...
PT-2024-38240 · WordPress · Jetformbuilder
Name of the Vulnerable Software and Affected Versions: JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1 Description: The issue is related to improper restriction on user meta fields, allowing authenticated attackers with administrator-level and above permissions to...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2023-37866
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8...
CVE-2023-37866 WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8...
CVE-2023-37866
CVE-2023-37866 affects JetFormBuilder (WordPress plugin by Crocoblock) up to version 3.0.8. Primary issue is Improper Privilege Management that enables Authenticated Privilege Escalation (Author level privileges required) with in-network access and no user interaction. The vulnerability correspon...
CVE-2023-37866 WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2023-48763
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4...
CVE-2023-48763 WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4...
CVE-2023-48763 WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4...