Skip to main content

Jetsearch

2 CVEs product

Monthly

CVE-2026-61977 MEDIUM This Month

Unauthenticated sensitive data exposure in Crocoblock JetSearch WordPress plugin (all versions through 3.6.1.2) permits remote attackers to retrieve embedded sensitive system information without any credentials or user interaction. The flaw is classified under CWE-497, indicating the plugin surfaces internal system data through an externally accessible vector. With a network-accessible, zero-privilege attack path confirmed by the CVSS:3.1/AV:N/AC:L/PR:N/UI:N vector, any internet-facing WordPress installation running a vulnerable JetSearch version is exposed. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Jetsearch
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-49079 CRITICAL Act Now

Unauthenticated SQL injection in the JetSearch WordPress plugin (versions <= 3.5.17) allows remote attackers to inject arbitrary SQL into backend database queries without any authentication or user interaction. The flaw carries a CVSS 9.3 (Critical) score with a scope change, meaning impact extends beyond the plugin to the underlying WordPress database. No public exploit identified at time of analysis, but the trivial attack complexity and lack of authentication requirement make this a high-priority patching target for any WordPress site running the plugin.

SQLi Jetsearch
NVD
CVSS 3.1
9.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated sensitive data exposure in Crocoblock JetSearch WordPress plugin (all versions through 3.6.1.2) permits remote attackers to retrieve embedded sensitive system information without any credentials or user interaction. The flaw is classified under CWE-497, indicating the plugin surfaces internal system data through an externally accessible vector. With a network-accessible, zero-privilege attack path confirmed by the CVSS:3.1/AV:N/AC:L/PR:N/UI:N vector, any internet-facing WordPress installation running a vulnerable JetSearch version is exposed. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Jetsearch
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the JetSearch WordPress plugin (versions <= 3.5.17) allows remote attackers to inject arbitrary SQL into backend database queries without any authentication or user interaction. The flaw carries a CVSS 9.3 (Critical) score with a scope change, meaning impact extends beyond the plugin to the underlying WordPress database. No public exploit identified at time of analysis, but the trivial attack complexity and lack of authentication requirement make this a high-priority patching target for any WordPress site running the plugin.

SQLi Jetsearch
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy