VYPR

Jetengine

by WordPress

CVEs (23)

  • CVE-2026-49075Jun 17, 2026
    risk 0.00cvss epss 0.00

    Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

  • CVE-2026-49074Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

  • CVE-2026-12360Jun 17, 2026
    risk 0.00cvss epss 0.00

    The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter…

Page 2 of 2