Crocoblock — Vulnerabilities & Security Advisories 87

Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

CVEs 87

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53987	WordPress JetMenu <= 2.4.11.1 - Sensitive Data Exposure Vulnerability — JetMenuCWE-201	6.5	Medium	2025-08-20
CVE-2025-53988	WordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure Vulnerability — JetBlocks For ElementorCWE-201	6.5	Medium	2025-08-20
CVE-2025-53992	WordPress JetTricks <= 1.5.4.1 - Sensitive Data Exposure Vulnerability — JetTricksCWE-201	6.5	Medium	2025-08-20
CVE-2025-53993	WordPress JetPopup plugin <= 2.0.15 - Sensitive Data Exposure vulnerability — JetPopupCWE-201	6.5	Medium	2025-08-20
CVE-2025-53998	WordPress JetWooBuilder <= 2.1.20 - Sensitive Data Exposure Vulnerability — JetWooBuilderCWE-201	6.5	Medium	2025-08-20
CVE-2025-54008	WordPress JetSmartFilters <= 3.6.7 - Sensitive Data Exposure Vulnerability — JetSmartFiltersCWE-201	6.5	Medium	2025-08-20
CVE-2025-54749	WordPress JetProductGallery Plugin <= 2.2.0.2 - Cross Site Scripting (XSS) Vulnerability — JetProductGalleryCWE-79	6.5	Medium	2025-08-14
CVE-2025-55714	WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability — JetElements For ElementorCWE-79	6.5	Medium	2025-08-14
CVE-2025-54688	WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability — JetEngineCWE-79	6.5	Medium	2025-08-14
CVE-2025-54687	WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability — JetTabsCWE-79	6.5	Medium	2025-08-14
CVE-2025-54009	WordPress JetSmartFilters plugin <= 3.6.8 - Cross Site Scripting (XSS) Vulnerability — JetSmartFiltersCWE-79	6.5	Medium	2025-07-16
CVE-2025-53995	WordPress JetPopup plugin <= 2.0.15.1 - Cross Site Scripting (XSS) Vulnerability — JetPopupCWE-79	6.5	Medium	2025-07-16
CVE-2025-53996	WordPress JetSearch plugin <= 3.5.10.1 - Cross Site Scripting (XSS) Vulnerability — JetSearchCWE-79	6.5	Medium	2025-07-16
CVE-2025-53994	WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability — JetPopupCWE-79	6.5	Medium	2025-07-16
CVE-2025-53991	WordPress JetTricks plugin <= 1.5.4.1 - Cross Site Scripting (XSS) Vulnerability — JetTricksCWE-79	6.5	Medium	2025-07-16
CVE-2025-53989	WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability — JetBlocks For ElementorCWE-79	6.5	Medium	2025-07-16
CVE-2025-53984	WordPress JetTabs plugin <= 2.2.9 - Cross Site Scripting (XSS) Vulnerability — JetTabsCWE-79	6.5	Medium	2025-07-16
CVE-2025-53982	WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability — JetElements For ElementorCWE-79	6.5	Medium	2025-07-16
CVE-2025-39447	WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability — JetElements For ElementorCWE-862	7.5	High	2025-05-19
CVE-2025-39449	WordPress JetWooBuilder plugin <= 2.1.18 - Broken Access Control Vulnerability — JetWooBuilderCWE-862	7.5	High	2025-05-19
CVE-2025-39451	WordPress JetBlocks For Elementor plugin <= 1.3.16 - Broken Access Control Vulnerability — JetBlocks For ElementorCWE-862	7.5	High	2025-05-19
CVE-2025-39448	WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability — JetElements For ElementorCWE-79	6.5	Medium	2025-05-19
CVE-2025-39450	WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability — JetTabsCWE-79	6.5	Medium	2025-05-19
CVE-2025-39396	WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability — JetReviewsCWE-98	7.5	High	2025-05-19
CVE-2025-26953	WordPress JetMenu plugin <= 2.4.9 - Broken Access Control Vulnerability — JetMenuCWE-862	7.5	High	2025-04-15
CVE-2025-26870	WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability — JetEngineCWE-79	6.5	Medium	2025-04-15
CVE-2025-26958	WordPress JetBlog plugin <= 2.4.3 - Broken Access Control Vulnerability — JetBlogCWE-862	7.5	High	2025-04-15
CVE-2025-26944	WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability — JetPopupCWE-862	7.5	High	2025-04-15
CVE-2025-26942	WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability — JetTricksCWE-862	7.5	High	2025-04-15
CVE-2025-26744	WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability — JetBlogCWE-79	6.5	Medium	2025-04-15

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Crocoblock — Vulnerabilities & Security Advisories 87