CVE-2026-52696— WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jetimpex Inc. | JetBlog | n/a≤ 2.4.8 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-52696
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1258
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jetimpex Inc. | JetBlog | n/a ~ 2.4.8 | - |
II. Public POCs for CVE-2026-52696
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-52696
请登录查看更多情报信息。
Same Patch Batch · Jetimpex Inc. · 2026-06-17 · 11 CVEs total
| CVE-2026-52706 | 9.8 CRITICAL | WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability |
| CVE-2026-49075 | 9.8 CRITICAL | WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability |
| CVE-2026-48875 | 9.3 CRITICAL | WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability |
| CVE-2026-54187 | 9.3 CRITICAL | WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability |
| CVE-2026-49084 | 9.3 CRITICAL | WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability |
| CVE-2026-49079 | 9.3 CRITICAL | WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability |
| CVE-2026-49076 | 9.3 CRITICAL | WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability |
| CVE-2026-54189 | 7.1 HIGH | WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2026-54188 | 7.1 HIGH | WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2026-49074 | 7.1 HIGH | WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability |
IV. Related Vulnerabilities
Same product: JetBlog
- CVE-2025-68503
WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vu - CVE-2025-49933
WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XS - CVE-2025-49932
WordPress JetBlog plugin <= 2.4.4.1 - Cross Site Scripting ( - CVE-2025-26958
WordPress JetBlog plugin <= 2.4.3 - Broken Access Control Vu - CVE-2025-26744
WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XS
Same vendor: Jetimpex Inc.
- CVE-2026-54189
WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting - CVE-2026-54188
WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting - CVE-2026-54187
WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulne - CVE-2026-52706
WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection - CVE-2026-49084
WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnera
Same weakness: CWE-1258
- CVE-2025-14551
Senstive information disclosure was affecting subiquity - CVE-2025-15480
Senstive information disclosure was affecting ubuntu-desktop - CVE-2026-26948
Dell Integrated Dell Remote Access Controller 安全漏洞 - CVE-2025-26482
Dell PowerEdge Server BIOS和Dell iDRAC9 安全漏洞 - CVE-2025-32257
WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sens
V. Comments for CVE-2026-52696
No comments yet