VYPR

jet-engine

by Crocoblock

CVEs (4)

  • CVE-2021-41844CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.

  • CVE-2025-49938MedOct 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

  • CVE-2025-0369MedJan 18, 2025
    risk 0.42cvss 6.4epss 0.00

    The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2021-38607MedAug 16, 2021
    risk 0.35cvss 5.4epss 0.01

    Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.