Crocoblock — Vulnerabilities & Security Advisories (87)

Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4352 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter | JetEngine | CWE-89 | 7.5 | High | 2026-04-14 |
| CVE-2026-4662 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter | JetEngine | CWE-89 | 7.5 | High | 2026-03-24 |
| CVE-2026-32355 | WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability | JetEngine | CWE-502 | 8.8 | High | 2026-03-13 |
| CVE-2026-3496 | JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter | JetBooking | CWE-89 | 7.5 | High | 2026-03-11 |
| CVE-2026-28134 | WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability | JetEngine | CWE-94 | 8.5 | High | 2026-03-05 |
| CVE-2025-68495 | WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability | JetEngine | CWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2026-24958 | WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability | JetElements For Elementor | CWE-79 | 6.5 | Medium | 2026-02-03 |
| CVE-2025-67923 | WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability | JetEngine | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-69333 | WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability | JetEngine | CWE-862 | 4.3 | Medium | 2026-01-07 |
| CVE-2025-68498 | WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability | JetTabs | CWE-862 | 6.5 | Medium | 2025-12-29 |
| CVE-2025-68499 | WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability | JetTabs | CWE-79 | 6.5 | Medium | 2025-12-29 |
| CVE-2025-68502 | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability | JetPopup | CWE-639 | 4.3 | Medium | 2025-12-29 |
| CVE-2025-68503 | WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability | JetBlog | CWE-862 | 6.5 | Medium | 2025-12-29 |
| CVE-2025-68504 | WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability | JetSearch | CWE-79 | 6.5 | Medium | 2025-12-29 |
| CVE-2025-64355 | WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability | JetElements For Elementor | CWE-79 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-49939 | WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability | JetElements For Elementor | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49938 | WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability | JetEngine | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49933 | WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability | JetBlog | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49934 | WordPress JetBlocks For Elementor plugin <= 1.3.18 - Cross Site Scripting (XSS) vulnerability | JetBlocks For Elementor | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49931 | WordPress JetSearch plugin <= 3.5.10 - SQL Injection vulnerability | JetSearch | CWE-89 | 9.3 | Critical | 2025-10-22 |
| CVE-2025-49930 | WordPress JetSearch plugin <= 3.5.10 - Cross Site Scripting (XSS) vulnerability | JetSearch | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-49932 | WordPress JetBlog plugin <= 2.4.4.1 - Cross Site Scripting (XSS) vulnerability | JetBlog | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49928 | WordPress JetWooBuilder plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability | JetWooBuilder | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49927 | WordPress JetWooBuilder plugin <= 2.1.20.1 - Cross Site Scripting (XSS) vulnerability | JetWooBuilder | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49921 | WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability | JetReviews | CWE-98 | 7.5 | High | 2025-10-22 |
| CVE-2025-53194 | WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability | JetEngine | CWE-82 | 8.5 | High | 2025-08-20 |
| CVE-2025-53195 | WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability | JetEngine | CWE-79 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53196 | WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability | JetEngine | CWE-201 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53983 | WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability | JetElements For Elementor | CWE-201 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53985 | WordPress JetTabs <= 2.2.9 - Sensitive Data Exposure Vulnerability | JetTabs | CWE-201 | 6.5 | Medium | 2025-08-20 |

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.