Crocoblock

Jetengine

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-68495

  • EPSS 0.04%
  • Veröffentlicht 20.02.2026 15:46:38
  • Zuletzt bearbeitet 23.02.2026 22:16:18

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.

7.1

CVE-2025-67923

  • EPSS 0.04%
  • Veröffentlicht 22.01.2026 16:51:52
  • Zuletzt bearbeitet 28.01.2026 20:16:10

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.

4.3

CVE-2025-69333

  • EPSS 0.03%
  • Veröffentlicht 07.01.2026 11:52:24
  • Zuletzt bearbeitet 08.01.2026 18:08:54

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.

6.5

CVE-2025-49938

  • EPSS 0.06%
  • Veröffentlicht 22.10.2025 14:32:16
  • Zuletzt bearbeitet 20.01.2026 15:16:43

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

8.5

CVE-2025-53194

  • EPSS 0.04%
  • Veröffentlicht 20.08.2025 08:03:22
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection. This issue affects JetEngine: from n/a through 3.7.0.

6.5

CVE-2025-53195

  • EPSS 0.03%
  • Veröffentlicht 20.08.2025 08:03:22
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.0.

6.5

CVE-2025-53196

  • EPSS 0.06%
  • Veröffentlicht 20.08.2025 08:03:21
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0.

6.5

CVE-2025-54688

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 10:34:49
  • Zuletzt bearbeitet 14.08.2025 13:11:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.

6.4

CVE-2025-0369

  • EPSS 0.13%
  • Veröffentlicht 18.01.2025 07:15:09
  • Zuletzt bearbeitet 18.01.2025 07:15:09

The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

7.1

CVE-2023-48758

  • EPSS 0.21%
  • Veröffentlicht 02.01.2025 15:15:20
  • Zuletzt bearbeitet 02.01.2025 15:15:20

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4.