Jetengine
by WordPress
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42774 | | Critical | 0.60 | 9.3 | 0.00 | | May 25, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1. |
| CVE-2026-32355 | | High | 0.57 | 8.8 | 0.00 | | Mar 13, 2026 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1. |
| CVE-2023-48757 | | High | 0.57 | 8.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4. |
| CVE-2023-1406 | | High | 0.57 | 8.8 | 0.02 | | Apr 10, 2023 | The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. |
| CVE-2026-28134 | | High | 0.55 | 8.5 | 0.00 | | Mar 5, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion. This issue affects JetEngine: from n/a through <= 3.7.2. |
| CVE-2025-53194 | | High | 0.55 | 8.5 | 0.00 | | Aug 20, 2025 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection. This issue affects JetEngine: from n/a through <= 3.7.0. |
| CVE-2026-4352 | | High | 0.49 | 7.5 | 0.00 | | Apr 14, 2026 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via… |
| CVE-2026-4662 | | High | 0.49 | 7.5 | 0.00 | | Mar 24, 2026 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled… |
| CVE-2025-68495 | | High | 0.46 | 7.1 | 0.00 | | Feb 20, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS. This issue affects JetEngine: from n/a through <= 3.8.0. |
| CVE-2025-67923 | | High | 0.46 | 7.1 | 0.00 | | Jan 22, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS. This issue affects JetEngine: from n/a through <= 3.7.7. |
| CVE-2023-48758 | | High | 0.46 | 7.1 | 0.00 | | Jan 2, 2025 | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through <= 3.2.4. |
| CVE-2025-49938 | | Medium | 0.42 | 6.5 | 0.00 | | Oct 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS. This issue affects JetEngine: from n/a through <= 3.7.3. |
| CVE-2025-53196 | | Medium | 0.42 | 6.5 | 0.00 | | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through <= 3.7.0. |
| CVE-2025-69333 | | Medium | 0.28 | 4.3 | 0.00 | | Jan 7, 2026 | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through <= 3.8.1.1. |
| CVE-2026-54189 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| CVE-2026-54188 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| CVE-2026-54187 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. |
| CVE-2026-52706 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. |
| CVE-2026-49084 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. |
| CVE-2026-49076 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. |