Jetengine Security Vulnerabilities and Issues — Jetengine CVE List

Lucene search

CrocoblockJetengine

6 matches found

CVE•added 2023/04/10 2:15 p.m.•202 views

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.

8.8CVSS9AI score0.04969EPSS

CVE•added 2025/01/02 3:15 p.m.•162 views

CVE-2023-48758

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4.

7.1CVSS6.9AI score0.00094EPSS

CVE•added 2024/05/17 9:15 a.m.•107 views

CVE-2023-48757

Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.

8.8CVSS6.8AI score0.00127EPSS

CVE•added 2025/01/18 7:15 a.m.•44 views

CVE-2025-0369

The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and ...

6.4CVSS5.8AI score0.00047EPSS

CVE•added 2021/08/16 1:15 p.m.•33 views

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.

5.4CVSS5AI score0.00209EPSS

CVE•added 2021/12/15 6:15 a.m.•29 views

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.

9.8CVSS9.4AI score0.00504EPSS