Vulnerabilities and security researches forjetformbuilder jetformbuilder

Jun 06, 2024

CVE, Research URL: CVE-2023-48763
Home page URL: Security reports for JetFormBuilder — Dynamic Blocks Form Builder
Application: JetFormBuilder — Dynamic Blocks Form Builder
Date: Apr 24, 2024
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-33212
Home page URL: Security reports for JetFormBuilder — Dynamic Blocks Form Builder
Application: JetFormBuilder — Dynamic Blocks Form Builder
Date: May 28, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-37866
Home page URL: Security reports for JetFormBuilder — Dynamic Blocks Form Builder
Application: JetFormBuilder — Dynamic Blocks Form Builder
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8.
Affected versions: Min -, max -.
Status: vulnerable

Aug 04, 2024

CVE, Research URL: CVE-2024-7291
Home page URL: Security reports for JetFormBuilder — Dynamic Blocks Form Builder
Application: JetFormBuilder — Dynamic Blocks Form Builder
Date: Aug 03, 2024
Research Description: The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
Affected versions: Min -, max -.
Status: vulnerable

Jul 20, 2025

CVE, Research URL: CVE-2025-53990
Home page URL: Security reports for JetFormBuilder — Dynamic Blocks Form Builder
Application: JetFormBuilder — Dynamic Blocks Form Builder
Date: Jul 16, 2025
Research Description: Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder allows Object Injection. This issue affects JetFormBuilder: from n/a through 3.5.1.2.
Affected versions: Min -, max -.
Status: vulnerable