CVE-2026-49079

The CVE concerns the WordPress JetSearch plugin, affected versions are <= 3.5.17. It describes an unauthenticated SQL injection vulnerability in JetSearch that can be exploited over the network without authentication, potentially compromising confidentiality (high) and affecting data queries. ...

CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.17...

CVE-2025-49930 WordPress JetSearch plugin <= 3.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through = 3.5.10...

CVE-2025-49930

The CVE-2025-49930 entry concerns the WordPress JetSearch plugin (versions through 3.5.10). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation in the jet-search component. Impact per the provided data is reflected XSS ...

EUVD-2024-48111

Malicious code in bioql PyPI...

WordPress JetSearch plugin <= 3.5.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetSearch versions = 3.5.10...

CVE-2025-53996 WordPress JetSearch plugin <= 3.5.10.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch allows Stored XSS. This issue affects JetSearch: from n/a through 3.5.10.1...

CVE-2024-7136

The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2025-31043 WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.7...

WordPress plugin JetSearch 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2024-7136

CVE-2024-7136 affects the JetSearch WordPress plugin (all versions

WordPress JetSearch Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software JetSearch Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7136 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 9a2d0419a5d9 Credits stealthcopter Required privilege...

PT-2024-38102 · WordPress · Jetsearch

Name of the Vulnerable Software and Affected Versions: JetSearch plugin for WordPress versions up to, and including, 3.5.2 Description: The issue is related to Stored Cross-Site Scripting via the id parameter due to insufficient input sanitization and output escaping. This allows authenticated...