cbcvebase.

Crocoblock Jetsearch vulnerabilities

6 known vulnerabilities affecting crocoblock/jetsearch.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-49931P2CRITICALCVSS 9.3≤ 3.5.102025-10-22
CVE-2025-49931 [CRITICAL] CWE-89 CVE-2025-49931: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.
nvd
CVE-2024-7136P4MEDIUMCVSS 6.4≤ 3.5.22024-08-16
CVE-2024-7136 [MEDIUM] CWE-79 CVE-2024-7136: The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ paramet The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will exe
nvd
CVE-2025-49930P4HIGHCVSS 7.1≤ 3.5.102025-10-22
CVE-2025-49930 [HIGH] CWE-79 CVE-2025-49930: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.
nvd
CVE-2025-53996P4MEDIUMCVSS 6.5≤ 3.5.10.12025-07-16
CVE-2025-53996 [MEDIUM] CWE-79 CVE-2025-53996: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Stored XSS.This issue affects JetSearch: from n/a through <= 3.5.10.1.
nvd
CVE-2025-68504P4MEDIUMCVSS 6.5≤ 3.5.162025-12-29
CVE-2025-68504 [MEDIUM] CWE-79 CVE-2025-68504: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.16.
nvd
CVE-2025-31043P4MEDIUMCVSS 6.5≤ 3.5.72025-03-31
CVE-2025-31043 [MEDIUM] CWE-79 CVE-2025-31043: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.7.
nvd
Crocoblock Jetsearch vulnerabilities | cvebase