CVE-2025-26870

CVE-2025-26870 is a DOM-based Cross-Site Scripting vulnerability in JetEngine (NotFound) with the root cause described as improper neutralization of input during web page generation, enabling a DOM-based XSS condition. The vulnerability affects JetEngine versions up to 3.6.4.1 and is classified a...

CVE-2025-26870 WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.2.4...

CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.2.4...

WordPress JetEngine Plugin <= 3.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetEngine Type Plugin Vulnerable versions = 3.2.5.1 Fixed in 3.2.5.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48762 Patch priority Low CVSS severity Low 6.3 Developer Crocoblock PSID 289af3150189 Credits Rafie Muhammad Patchstack...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48758 Patch priority High CVSS severity High 7.1 Developer Crocoblock PSID 14b80894884d Credits Rafie Muhammad Patchstack Required...

WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Privilege Escalation

Software JetEngine Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-48757 Patch priority Medium CVSS severity Medium 8.8 Developer Crocoblock PSID 629276ed62fc Credits Rafie Muhammad...

WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)

Software JetEngine Type Plugin Vulnerable versions 3.1.3.1 Fixed in 3.1.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-1406 Patch priority High CVSS severity High 9.1 Developer Crocoblock PSID a91fe4278b33 Credits R3zk0n Required privilege Author Published 11...