Browse all 87 CVE security advisories affecting Crocoblock. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Crocoblock operates as a provider of WordPress plugins and extensions, primarily facilitating advanced data management, dynamic content creation, and e-commerce functionality for website builders. Historically, its software portfolio has been associated with a significant volume of security flaws, currently totaling 87 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within plugin endpoints. Additionally, privilege escalation issues have been documented, allowing unauthorized users to perform administrative actions. While no single catastrophic breach has defined the company’s public history, the high frequency of disclosed CVEs indicates systemic weaknesses in code review and security testing processes. These recurring issues highlight the risks inherent in complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, leaving user data and server integrity vulnerable to exploitation.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53992 | WordPress JetTricks <= 1.5.4.1 - Sensitive Data Exposure Vulnerability — JetTricks, CWE-201 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-53991 | WordPress JetTricks plugin <= 1.5.4.1 - Cross Site Scripting (XSS) Vulnerability — JetTricks, CWE-79 | 6.5 | Medium | 2025-07-16 |
| CVE-2025-26942 | WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability — JetTricks, CWE-862 | 7.5 | High | 2025-04-15 |

This page lists every published CVE security advisory associated with Crocoblock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.