Crocoblock

Jetengine

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-12360

  • EPSS 0.32%
  • Veröffentlicht 17.06.2026 04:32:05
  • Zuletzt bearbeitet 17.06.2026 04:32:05

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check t...

9.3

CVE-2026-42774

  • EPSS 0.37%
  • Veröffentlicht 25.05.2026 22:34:09
  • Zuletzt bearbeitet 26.05.2026 19:31:20

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.

7.5

CVE-2026-4352

  • EPSS 0.37%
  • Veröffentlicht 14.04.2026 01:25:01
  • Zuletzt bearbeitet 22.04.2026 20:23:16

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a ...

7.5

CVE-2026-4662

  • EPSS 0.32%
  • Veröffentlicht 24.03.2026 04:27:50
  • Zuletzt bearbeitet 24.04.2026 16:32:53

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (...

8.8

CVE-2026-32355

  • EPSS 0.36%
  • Veröffentlicht 13.03.2026 11:42:00
  • Zuletzt bearbeitet 22.04.2026 21:30:26

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

8.5

CVE-2026-28134

  • EPSS 0.23%
  • Veröffentlicht 05.03.2026 06:16:48
  • Zuletzt bearbeitet 22.04.2026 21:27:27

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

7.1

CVE-2025-68495

  • EPSS 0.18%
  • Veröffentlicht 20.02.2026 15:46:38
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.

7.1

CVE-2025-67923

  • EPSS 0.26%
  • Veröffentlicht 22.01.2026 16:51:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.

4.3

CVE-2025-69333

  • EPSS 0.16%
  • Veröffentlicht 07.01.2026 11:52:24
  • Zuletzt bearbeitet 23.04.2026 15:36:22

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.8.1.1.

6.5

CVE-2025-49938

  • EPSS 0.2%
  • Veröffentlicht 22.10.2025 14:32:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.