jet-engine
by Crocoblock
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41844 | Cri | 0.64 | 9.8 | 0.01 | Dec 15, 2021 | Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | ||
| CVE-2025-49938 | Med | 0.42 | 6.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3. | ||
| CVE-2025-0369 | Med | 0.42 | 6.4 | 0.00 | Jan 18, 2025 | The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2021-38607 | Med | 0.35 | 5.4 | 0.01 | Aug 16, 2021 | Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. |
- risk 0.64cvss 9.8epss 0.01
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.
- risk 0.42cvss 6.4epss 0.00
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.35cvss 5.4epss 0.01
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.