CVE-2026-42774— WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Crocoblock | JetEngine | n/a≤ 3.8.8.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42774
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Crocoblock | JetEngine | n/a ~ 3.8.8.1 | - |
II. Public POCs for CVE-2026-42774
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42774
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-42774 (1)
IV. Related Vulnerabilities
Same product: JetEngine
- CVE-2026-4352
JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_c - CVE-2026-4662
JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Lis - CVE-2026-32355
WordPress JetEngine plugin < 3.8.4.1 - Deserialization of un - CVE-2026-28134
WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution - CVE-2025-68495
WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site S
Same vendor: Crocoblock
- CVE-2026-4352
JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_c - CVE-2026-4662
JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Lis - CVE-2026-32355
WordPress JetEngine plugin < 3.8.4.1 - Deserialization of un - CVE-2026-3496
JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'che - CVE-2026-28134
WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution
Same weakness: CWE-89
- CVE-2026-42755
WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerab - CVE-2026-42761
WordPress Active Products Tables for WooCommerce plugin <= 1 - CVE-2026-42740
WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerabi - CVE-2026-42747
WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection - CVE-2026-42730
WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection v
V. Comments for CVE-2026-42774
No comments yet