88 matches found
EUVD-2026-37637
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
EUVD-2026-37636
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54195
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54196
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-54196
Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.
CVE-2026-54196 WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-54195 WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
CVE-2026-54195
CVE-2026-54195 affects the WordPress JetFormBuilder plugin older than or equal to 3.6.0.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVSS-3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-exposed issue that requires user interaction and h...
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
EUVD-2026-15889
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525
JetFormBuilder WordPress plugin versions
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...
PT-2026-28039
Name of the Vulnerable Software and Affected Versions JetFormBuilder versions through 3.5.6.1 Description A code injection issue exists in JetFormBuilder. The flaw resides in improper control of code generation, potentially allowing for code injection. The vulnerability could allow an attacker to...
WordPress plugin JetFormBuilder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress JetFormBuilder plugin <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field vulnerability
Unauthenticated Arbitrary File Read via Media Field vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.2...
WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions = 3.5.6.1...
EUVD-2026-14240
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...