Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Crocoblock — Vulnerabilities & Security Advisories 87

Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

Top products by Crocoblock: JetEngine JetElements For Elementor JetBlocks For Elementor JetTabs JetSearch JetBlog JetPopup JetWooBuilder JetTricks JetSmartFilters JetElements JetMenu JetProductGallery JetReviews JetFormBuilder JetFormBuilder — Dynamic Blocks Form Builder JetBooking JetCompareWishlist JetGridBuilder JetWidgets for Elementor and WooCommerce JetThemeCore
CVE IDTitleCVSSSeverityPublished
CVE-2025-22279 WordPress JetCompareWishlist plugin <= 1.5.9 - Local File Inclusion vulnerability — JetCompareWishlistCWE-98 7.5 High2025-04-10
CVE-2025-30963 WordPress JetSmartFilters plugin <= 3.6.3 - Cross Site Scripting (XSS) vulnerability — JetSmartFiltersCWE-79 6.5 Medium2025-03-31
CVE-2025-31412 WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability — JetProductGalleryCWE-79 6.5 Medium2025-03-31
CVE-2025-30987 WordPress JetBlocks For Elementor plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability — JetBlocks For ElementorCWE-79 6.5 Medium2025-03-31
CVE-2025-31016 WordPress JetWooBuilder plugin <= 2.1.18 - Local File Inclusion vulnerability — JetWooBuilderCWE-98 7.5 High2025-03-31
CVE-2025-31043 WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability — JetSearchCWE-79 6.5 Medium2025-03-31
CVE-2025-0371 Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — JetElementsCWE-79 6.4 Medium2025-01-21
CVE-2025-0369 Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter — JetEngineCWE-79 6.4 Medium2025-01-18
CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability — JetEngineCWE-862 7.1 High2025-01-02
CVE-2024-43221 WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability — JetGridBuilderCWE-22 8.5 High2024-08-19
CVE-2024-7144 JetElements <= 2.6.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — JetElementsCWE-79 6.4 Medium2024-08-16
CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion — JetElementsCWE-22 8.8 High2024-08-16
CVE-2024-7146 JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion — JetTabsCWE-22 8.8 High2024-08-16
CVE-2024-7136 JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — JetSearchCWE-79 6.4 Medium2024-08-16
CVE-2024-7147 JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — JetBlocks for ElementorCWE-79 6.4 Medium2024-08-16
CVE-2024-38772 WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability — JetWidgets for Elementor and WooCommerceCWE-22 6.5 Medium2024-08-01
CVE-2024-37497 WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability — JetThemeCoreCWE-22 7.7 High2024-07-09
CVE-2023-48759 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability — JetElements For ElementorCWE-862 7.5 High2024-06-19
CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability — JetElements For ElementorCWE-862 8.2 High2024-06-19
CVE-2023-48761 WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability — JetElements For ElementorCWE-862 6.3 Medium2024-06-19
CVE-2023-48757 WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability — JetEngineCWE-269 8.8 High2024-05-17
CVE-2023-37866 WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability — JetFormBuilderCWE-269 7.2 High2024-05-17
CVE-2023-48763 WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability — JetFormBuilderCWE-80 5.3 Medium2024-04-24
CVE-2023-39157 WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE) — JetElements For ElementorCWE-94 9.0 Critical2023-12-31
CVE-2023-48762 WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF) — JetElements For ElementorCWE-352 6.3 Medium2023-12-18
CVE-2023-48756 WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS) — JetBlocks For ElementorCWE-79 7.1 High2023-12-14
CVE-2023-33212 WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF) — JetFormBuilder — Dynamic Blocks Form BuilderCWE-352 4.3 Medium2023-05-28

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.