cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0369,https://securityvulnerability.io/vulnerability/CVE-2025-0369,Stored Cross-Site Scripting in JetEngine Plugin for WordPress,"The JetEngine plugin for WordPress contains a vulnerability due to inadequate input sanitization and output escaping in the 'list_tag' parameter. This allows authenticated attackers with Contributor-level access and higher to inject malicious web scripts into pages. Consequently, whenever users access these injected pages, the scripts may execute, potentially compromising user security and privacy.",Wordpress,Jetengine,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-18T07:05:10.395Z,0
CVE-2023-1406,https://securityvulnerability.io/vulnerability/CVE-2023-1406,JetEngine < 3.1.3.1 - Author+ Remote Code Execution,"The JetEngine plugin for WordPress, prior to version 3.1.3.1, is susceptible to a significant security flaw where uploaded files are not properly verified, allowing potential remote code execution. Attackers could exploit this misconfiguration to execute arbitrary PHP code on the server, posing a major risk to vulnerable installations.",Wordpress,JetEngine,8.8,HIGH,0.002319999970495701,false,,false,false,false,,false,false,2023-04-10T14:15:00.000Z,0