cleantalk
Vulnerabilities and Security Researches

JetFormBuilder — Dynamic Blocks Form Builder, CVE-2024-7291

CVE, Research URL

CVE-2024-7291

Home page URL

Security reports for JetFormBuilder — Dynamic Blocks Form Builder

Application

JetFormBuilder — Dynamic Blocks Form Builder

Published on
Aug 03, 2024
Research Description
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
Affected versions
Min -, max 3.3.4.2.
Status
vulnerable
Previous vulnerability researches
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2024-7291) , Aug 04, 2024
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2025-53990) , Jul 20, 2025
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2023-48763) , Jun 06, 2024
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2023-33212) , Jun 06, 2024
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2023-37866) , Jun 06, 2024
New vulnerability
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025