Jetengine
by WordPress
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49075 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-49074 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-12360 | 0.00 | — | 0.00 | Jun 17, 2026 | The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter… |
- CVE-2026-49075Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
- CVE-2026-49074Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
- CVE-2026-12360Jun 17, 2026risk 0.00cvss —epss 0.00
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter…
Page 2 of 2