JetEngine Security Vulnerabilities - January

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.

CVSS: 5.4, AI Score: 5, EPSS: 0.001

2021-08-16 01:15 PM

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.

CVSS: 9.8, AI Score: 9.4, EPSS: 0.002

2021-12-15 06:15 AM

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.

CVSS: 8.8, AI Score: 9, EPSS: 0.002

2023-04-10 02:15 PM

CVE-2023-48757

Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4.

CVSS: 8.8, AI Score: 6.8, EPSS: 0.0004

2024-05-17 09:15 AM

CVE-2024-37497

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1.

CVSS: 7.7, AI Score: 7.5, EPSS: 0.0004

2024-07-09 12:15 PM

CVE-2024-43221

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2.

CVSS: 8.5, AI Score: 8.5, EPSS: 0.0004

2024-08-19 05:15 PM

CVE-2024-7136

The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVSS: 6.4, AI Score: 5.8, EPSS: 0.0004

2024-08-16 11:15 AM