Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
CVSS: 5.4
AI Score: 5
EPSS: 0.001
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.002
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
CVSS: 8.8
AI Score: 9
EPSS: 0.002
Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4.
CVSS: 8.8
AI Score: 6.8
EPSS: 0.0004
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1.
CVSS: 7.7
AI Score: 7.5
EPSS: 0.0004
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2.
CVSS: 8.5
AI Score: 8.5
EPSS: 0.0004
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...
CVSS: 6.4
AI Score: 5.8
EPSS: 0.0004