Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13459 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-07-02 | 5.3 Medium |
| The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to retrieve every distinct value stored under any arbitrary wp_postmeta key on the site — including WooCommerce billing PII such as _billing_email, _billing_phone, and _billing_address fields, order totals, attachment paths, and any third-party plugin credentials or tokens stored in post meta — provided at least one published JetFormBuilder form with a get_from_db generator field exists on the site. Exploitation requires that the target site has at least one published jet-form-builder post containing a field whose generator_function is set to get_from_db; an attacker must supply a matching form ID, field name, and generator ID in the request, but all of these can be discovered by browsing the site's public forms. | ||||
| CVE-2026-54195 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | ||||
| CVE-2026-54196 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-06-17 | 6.8 Medium |
| Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | ||||
| CVE-2026-32525 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-04-24 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1. | ||||
| CVE-2026-4373 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder — Dynamic Blocks Form Builder, Wordpress | 2026-04-24 | 7.5 High |
| The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in 'File_Tools::is_same_file' that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment. | ||||
Page 1 of 1.