VYPR

Jetengine

by WordPress

CVEs (23)

  • CVE-2026-42774CriMay 25, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.

  • CVE-2026-32355HigMar 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

  • CVE-2023-48757HigMay 17, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.

  • CVE-2023-1406HigApr 10, 2023
    risk 0.57cvss 8.8epss 0.02

    The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.

  • CVE-2026-28134HigMar 5, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

  • CVE-2025-53194HigAug 20, 2025
    risk 0.55cvss 8.5epss 0.00

    Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0.

  • CVE-2026-4352HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.00

    The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via…

  • CVE-2026-4662HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled…

  • CVE-2025-68495HigFeb 20, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.

  • CVE-2025-67923HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.

  • CVE-2023-48758HigJan 2, 2025
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4.

  • CVE-2025-49938MedOct 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

  • CVE-2025-53196MedAug 20, 2025
    risk 0.42cvss 6.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0.

  • CVE-2025-69333MedJan 7, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.8.1.1.

  • CVE-2026-54189Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

  • CVE-2026-54188Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

  • CVE-2026-54187Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

  • CVE-2026-52706Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.

  • CVE-2026-49084Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

  • CVE-2026-49076Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

Page 1 of 2