WordPress plugin JetEngine code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
JetEngine < 3.1.3.1 - Author+ Remote Code Execution
The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...
Crocoblock JetEngine code issue vulnerability
Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. Crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...
Code injection
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...
CVE-2021-41844
CVE-2021-41844 affects Crocoblock JetEngine (pre-2.9.1). The root cause is improper validation and sanitization of form data, enabling unauthenticated or low-privilege abuse via network access as described by the CVE records. NVD lists high/critical impact metrics (C/P/I/A partial to high) with n...
Crocoblock JetEngine Cross-Site Scripting Vulnerability
Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. A cross-site scripting vulnerability exists in Crocoblock JetEngine that can be exploited by attackers to perform XSS via custom form input...
CVE-2021-38607
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...
CVE-2021-38607
CVE-2021-38607 affects Crocoblock JetEngine prior to 2.6.1, where XSS is possible via a custom form input by remote authenticated users. The issue stems from an input handling flaw in the plugin component responsible for form data, enabling reflected or stored XSS depending on how the input is pr...