Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

jetmonsters — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting jetmonsters. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Jetmonsters operates as a software development entity, primarily focusing on creating digital assets and applications for the gaming and entertainment sectors. Security audits have identified thirty-five distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, highlighting significant historical weaknesses in code quality and implementation. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, which often stem from insufficient input validation and improper access controls. These defects have occasionally allowed attackers to compromise system integrity or access sensitive user data without authorization. While no single catastrophic incident has defined the company’s public record, the cumulative volume of disclosed CVEs suggests a pattern of recurring security oversights. This trend underscores the necessity for rigorous static analysis and continuous integration security testing to mitigate risks before deployment.

Top products by jetmonsters: Getwid – Gutenberg Blocks JetWidgets For Elementor Stratum Widgets for Elementor JetFormBuilder — Dynamic Blocks Form Builder Restaurant Menu by MotoPress JetFormBuilder Timetable and Event Schedule by MotoPress MotoPress Hotel Booking Mega Menu Block Getwid Hotel Booking Lite Stratum
CVE IDTitleCVSSSeverityPublished
CVE-2026-32525 WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability — JetFormBuilderCWE-94 9.9 Critical2026-03-25
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field — JetFormBuilder — Dynamic Blocks Form BuilderCWE-36 7.5 High2026-03-21
CVE-2025-69013 WordPress Stratum plugin <= 1.6.1 - Broken Access Control vulnerability — StratumCWE-862 4.3 Medium2025-12-30
CVE-2025-66078 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability — Hotel Booking LiteCWE-94 9.1 Critical2025-12-18
CVE-2025-49914 WordPress Restaurant Menu by MotoPress plugin <= 2.4.7 - Sensitive Data Exposure vulnerability — Restaurant Menu by MotoPressCWE-497 6.5 Medium2025-12-18
CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation — JetFormBuilder — Dynamic Blocks Form BuilderCWE-862 5.3 Medium2025-12-16
CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets — JetWidgets For ElementorCWE-79 6.4 Medium2025-12-13
CVE-2025-64384 WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability — JetFormBuilderCWE-862 5.3 Medium2025-11-13
CVE-2025-58252 WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability — GetwidCWE-201 4.3 Medium2025-09-22
CVE-2025-7845 Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets — Stratum Widgets for ElementorCWE-79 6.4 Medium2025-08-01
CVE-2025-54038 WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability — Restaurant Menu by MotoPressCWE-352 5.4 Medium2025-07-16
CVE-2025-53990 WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability — JetFormBuilderCWE-502 7.2 High2025-07-16
CVE-2025-48258 WordPress Mega Menu Block plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — Mega Menu BlockCWE-79 6.5 Medium2025-05-19
CVE-2025-30846 WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability — Restaurant Menu by MotoPressCWE-98 8.8 High2025-03-27
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget — Stratum Widgets for ElementorCWE-79 6.4 Medium2025-01-30
CVE-2024-10316 Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates — Stratum Widgets for ElementorCWE-200 4.3 Medium2024-11-21
CVE-2024-10872 Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — Getwid – Gutenberg BlocksCWE-79 6.4 Medium2024-11-20
CVE-2024-10323 JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — JetWidgets For ElementorCWE-79 6.4 Medium2024-11-12
CVE-2020-36840 Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization — Timetable and Event Schedule by MotoPressCWE-862 7.3 High2024-10-16
CVE-2024-7291 JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation — JetFormBuilder — Dynamic Blocks Form BuilderCWE-269 7.2 High2024-08-03
CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update — Getwid – Gutenberg BlocksCWE-862 5.3 Medium2024-07-20
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update — Getwid – Gutenberg BlocksCWE-862 4.3 Medium2024-07-20
CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters — JetWidgets For ElementorCWE-79 6.4 Medium2024-06-20
CVE-2024-5611 Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Stratum Widgets for ElementorCWE-79 6.4 Medium2024-06-15
CVE-2024-4413 Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection — MotoPress Hotel BookingCWE-502 9.8 Critical2024-05-10
CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown' — Getwid – Gutenberg BlocksCWE-79 6.4 Medium2024-05-02
CVE-2024-3342 Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection — Timetable and Event Schedule by MotoPressCWE-89 9.9 Critical2024-04-27
CVE-2024-2138 JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget — JetWidgets For ElementorCWE-79 6.4 Medium2024-04-09
CVE-2024-2507 JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL — JetWidgets For ElementorCWE-79 6.4 Medium2024-04-09
CVE-2024-1948 Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content — Getwid – Gutenberg BlocksCWE-79 6.4 Medium2024-04-09

This page lists every published CVE security advisory associated with jetmonsters. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.