Crocoblock

Jetengine

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-4352

  • EPSS 0.06%
  • Veröffentlicht 14.04.2026 01:25:01
  • Zuletzt bearbeitet 14.04.2026 02:16:05

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a ...

7.5

CVE-2026-4662

  • EPSS 0.1%
  • Veröffentlicht 24.03.2026 04:27:50
  • Zuletzt bearbeitet 24.03.2026 15:53:48

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (...

8.8

CVE-2026-32355

  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 11:42:00
  • Zuletzt bearbeitet 16.03.2026 14:53:46

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

8.5

CVE-2026-28134

  • EPSS 0.06%
  • Veröffentlicht 05.03.2026 06:16:48
  • Zuletzt bearbeitet 05.03.2026 19:38:33

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

7.1

CVE-2025-68495

  • EPSS 0.04%
  • Veröffentlicht 20.02.2026 15:46:38
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.

7.1

CVE-2025-67923

  • EPSS 0.02%
  • Veröffentlicht 22.01.2026 16:51:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.

4.3

CVE-2025-69333

  • EPSS 0.03%
  • Veröffentlicht 07.01.2026 11:52:24
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.8.1.1.

6.5

CVE-2025-49938

  • EPSS 0.07%
  • Veröffentlicht 22.10.2025 14:32:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

8.5

CVE-2025-53194

  • EPSS 0.05%
  • Veröffentlicht 20.08.2025 08:03:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0.

6.5

CVE-2025-53195

  • EPSS 0.03%
  • Veröffentlicht 20.08.2025 08:03:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.0.