Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Crocoblock — Vulnerabilities & Security Advisories 87

Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

Found 5 results / 87Clear Filters
Top products by Crocoblock: JetEngine JetElements For Elementor JetBlocks For Elementor JetTabs JetSearch JetBlog JetPopup JetWooBuilder JetTricks JetSmartFilters JetElements JetMenu JetProductGallery JetReviews JetFormBuilder JetFormBuilder — Dynamic Blocks Form Builder JetBooking JetCompareWishlist JetGridBuilder JetWidgets for Elementor and WooCommerce JetThemeCore
CVE IDTitleCVSSSeverityPublished
CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability — JetBlogCWE-862 6.5 Medium2025-12-29
CVE-2025-49933 WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability — JetBlogCWE-79 6.5 Medium2025-10-22
CVE-2025-49932 WordPress JetBlog plugin <= 2.4.4.1 - Cross Site Scripting (XSS) vulnerability — JetBlogCWE-79 6.5 Medium2025-10-22
CVE-2025-26958 WordPress JetBlog plugin <= 2.4.3 - Broken Access Control Vulnerability — JetBlogCWE-862 7.5 High2025-04-15
CVE-2025-26744 WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability — JetBlogCWE-79 6.5 Medium2025-04-15

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.