Crocoblock Jetengine
17 CVEs affecting Crocoblock Jetengine. Latest disclosed: 2026-05-25. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42774 | Critical | 9.3 | 2026-05-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue af… |
CVE-2026-32355 | High | 8.8 | 2026-03-13 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8… |
CVE-2023-48757 | High | 8.8 | 2024-05-17 | Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4. |
CVE-2026-28134 | High | 8.5 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetE… |
CVE-2025-53194 | High | 8.5 | 2025-08-20 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7… |
CVE-2026-4352 | High | 7.5 | 2026-04-14 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and includi… |
CVE-2026-4662 | High | 7.5 | 2026-03-24 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This i… |
CVE-2025-68495 | High | 7.1 | 2026-02-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This… |
CVE-2025-67923 | High | 7.1 | 2026-01-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This… |
CVE-2023-48758 | High | 7.1 | 2025-01-02 | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… |
CVE-2025-49938 | Medium | 6.5 | 2025-10-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This is… |
CVE-2025-53196 | Medium | 6.5 | 2025-08-20 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects J… |
CVE-2025-53195 | Medium | 6.5 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This is… |
CVE-2025-54688 | Medium | 6.5 | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This is… |
CVE-2025-26870 | Medium | 6.5 | 2025-04-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This… |
CVE-2025-0369 | Medium | 6.4 | 2025-01-18 | The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to… |
CVE-2025-69333 | Medium | 4.3 | 2026-01-07 | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… |