Crocoblock — Vulnerabilities & Security Advisories 87

Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

CVEs 87

CVE ID	Title	CVSS	Severity	Published
CVE-2026-4352	JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter — JetEngineCWE-89	7.5	High	2026-04-14
CVE-2026-4662	JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter — JetEngineCWE-89	7.5	High	2026-03-24
CVE-2026-32355	WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability — JetEngineCWE-502	8.8	High	2026-03-13
CVE-2026-28134	WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability — JetEngineCWE-94	8.5	High	2026-03-05
CVE-2025-68495	WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability — JetEngineCWE-79	7.1	High	2026-02-20
CVE-2025-67923	WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability — JetEngineCWE-79	7.1	High	2026-01-22
CVE-2025-69333	WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability — JetEngineCWE-862	4.3	Medium	2026-01-07
CVE-2025-49938	WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability — JetEngineCWE-79	6.5	Medium	2025-10-22
CVE-2025-53194	WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability — JetEngineCWE-82	8.5	High	2025-08-20
CVE-2025-53196	WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability — JetEngineCWE-201	6.5	Medium	2025-08-20
CVE-2025-53195	WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability — JetEngineCWE-79	6.5	Medium	2025-08-20
CVE-2025-54688	WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability — JetEngineCWE-79	6.5	Medium	2025-08-14
CVE-2025-26870	WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability — JetEngineCWE-79	6.5	Medium	2025-04-15
CVE-2025-0369	Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter — JetEngineCWE-79	6.4	Medium	2025-01-18
CVE-2023-48758	WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability — JetEngineCWE-862	7.1	High	2025-01-02
CVE-2023-48757	WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability — JetEngineCWE-269	8.8	High	2024-05-17

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Crocoblock — Vulnerabilities & Security Advisories 87