CVE-2026-42774 WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.8.1...

WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability

Unauthenticated SQL Injection via Listing Grid 'filteredquery' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions = 3.8.6.1...

CVE-2025-68495 WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.8.0...

WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.8.0...

CVE-2025-67923 WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...

CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...

CVE-2025-53195 WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.0...

CVE-2025-53194 WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through = 3.7.0...

CVE-2025-53196 WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through = 3.7.0...

CVE-2025-53196 WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through = 3.7.0...

WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.0...

WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.0...

CVE-2025-26870 WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-26870

CVE-2025-26870 is a DOM-based Cross-Site Scripting vulnerability in JetEngine (NotFound) with the root cause described as improper neutralization of input during web page generation, enabling a DOM-based XSS condition. The vulnerability affects JetEngine versions up to 3.6.4.1 and is classified a...

CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.2.4...

CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.2.4...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48758 Patch priority High CVSS severity High 7.1 Developer Crocoblock PSID 14b80894884d Credits Rafie Muhammad Patchstack Required...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Privilege Escalation

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-48757 Patch priority Medium CVSS severity Medium 8.8 Developer Crocoblock PSID 629276ed62fc Credits Rafie Muhammad...