Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
6 vulnerabilities found for JetFormBuilder — Dynamic Blocks Form Builder by jetmonsters
CVE-2026-4373 (GCVE-0-2026-4373)
Vulnerability from nvd – Published: 2026-03-21 06:45 – Updated: 2026-03-24 14:05
VLAI?
Title
JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
Summary
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in 'File_Tools::is_same_file' that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment.
Severity ?
7.5 (High)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.5.6.2
(semver)
|
Credits
daroo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:05:08.517261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:05:24.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.5.6.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the \u0027Uploaded_File::set_from_array\u0027 method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in \u0027File_Tools::is_same_file\u0027 that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T06:45:13.779Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1801fd3e-d56f-4540-9700-9e9de8b465e1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/includes/classes/resources/uploaded-file.php#L99"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/modules/block-parsers/file-uploader.php#L313"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/modules/actions-v2/send-email/send-email-action.php#L214"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3486996/jetformbuilder"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T10:30:55.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-20T18:28:08.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4373",
"datePublished": "2026-03-21T06:45:13.779Z",
"dateReserved": "2026-03-18T10:15:15.895Z",
"dateUpdated": "2026-03-24T14:05:24.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11991 (GCVE-0-2025-11991)
Vulnerability from nvd – Published: 2025-12-16 07:21 – Updated: 2025-12-16 21:34
VLAI?
Title
JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
Summary
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms using AI, consuming site's AI usage limits.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.5.3
(semver)
|
Credits
Tri Firdyanto
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:34:27.628131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:34:34.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.5.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tri Firdyanto"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms using AI, consuming site\u0027s AI usage limits."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T07:21:06.272Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c08444ef-77bc-4e9d-8d94-04b90cc99ded?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.2.1/modules/ai/rest-api/endpoints/generate-form-endpoint.php#L26"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-12T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-20T20:24:16.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-15T18:47:07.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.5.3 - Missing Authorization to Unauthenticated Form Generation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11991",
"datePublished": "2025-12-16T07:21:06.272Z",
"dateReserved": "2025-10-20T19:44:03.576Z",
"dateUpdated": "2025-12-16T21:34:34.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7291 (GCVE-0-2024-7291)
Vulnerability from nvd – Published: 2024-08-03 06:41 – Updated: 2024-08-07 15:57
VLAI?
Title
JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
Summary
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.3.4.1
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jetelements",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "3.3.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T15:54:53.023275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T15:57:47.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.3.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T06:41:39.862Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8ea1c2-7c6e-43b3-97ca-a06438d51d11?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.3.4.1/includes/actions/types/register-user.php#L220"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.3.4.1/includes/actions/methods/update-user/user-meta-property.php#L23"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-07-31T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-08-02T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7291",
"datePublished": "2024-08-03T06:41:39.862Z",
"dateReserved": "2024-07-30T14:29:14.301Z",
"dateUpdated": "2024-08-07T15:57:47.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-4373 (GCVE-0-2026-4373)
Vulnerability from cvelistv5 – Published: 2026-03-21 06:45 – Updated: 2026-03-24 14:05
VLAI?
Title
JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
Summary
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in 'File_Tools::is_same_file' that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment.
Severity ?
7.5 (High)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.5.6.2
(semver)
|
Credits
daroo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:05:08.517261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:05:24.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.5.6.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the \u0027Uploaded_File::set_from_array\u0027 method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in \u0027File_Tools::is_same_file\u0027 that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T06:45:13.779Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1801fd3e-d56f-4540-9700-9e9de8b465e1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/includes/classes/resources/uploaded-file.php#L99"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/modules/block-parsers/file-uploader.php#L313"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.6.2/modules/actions-v2/send-email/send-email-action.php#L214"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3486996/jetformbuilder"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T10:30:55.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-20T18:28:08.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4373",
"datePublished": "2026-03-21T06:45:13.779Z",
"dateReserved": "2026-03-18T10:15:15.895Z",
"dateUpdated": "2026-03-24T14:05:24.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11991 (GCVE-0-2025-11991)
Vulnerability from cvelistv5 – Published: 2025-12-16 07:21 – Updated: 2025-12-16 21:34
VLAI?
Title
JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
Summary
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms using AI, consuming site's AI usage limits.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.5.3
(semver)
|
Credits
Tri Firdyanto
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:34:27.628131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:34:34.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.5.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tri Firdyanto"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms using AI, consuming site\u0027s AI usage limits."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T07:21:06.272Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c08444ef-77bc-4e9d-8d94-04b90cc99ded?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.5.2.1/modules/ai/rest-api/endpoints/generate-form-endpoint.php#L26"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-12T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-20T20:24:16.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-15T18:47:07.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.5.3 - Missing Authorization to Unauthenticated Form Generation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11991",
"datePublished": "2025-12-16T07:21:06.272Z",
"dateReserved": "2025-10-20T19:44:03.576Z",
"dateUpdated": "2025-12-16T21:34:34.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7291 (GCVE-0-2024-7291)
Vulnerability from cvelistv5 – Published: 2024-08-03 06:41 – Updated: 2024-08-07 15:57
VLAI?
Title
JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
Summary
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder |
Affected:
* , ≤ 3.3.4.1
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jetelements",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "3.3.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T15:54:53.023275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T15:57:47.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetFormBuilder \u2014 Dynamic Blocks Form Builder",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "3.3.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T06:41:39.862Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8ea1c2-7c6e-43b3-97ca-a06438d51d11?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.3.4.1/includes/actions/types/register-user.php#L220"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetformbuilder/tags/3.3.4.1/includes/actions/methods/update-user/user-meta-property.php#L23"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-07-31T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-08-02T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "JetFormBuilder \u003c= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7291",
"datePublished": "2024-08-03T06:41:39.862Z",
"dateReserved": "2024-07-30T14:29:14.301Z",
"dateUpdated": "2024-08-07T15:57:47.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}