Cross-Site Scripting Vulnerability in JetEngine by NotFound
CVE-2025-26870

6.5MEDIUM

Key Information:

Vendor: Notfound
Status: Jetengine
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-26870?

The JetEngine plugin by NotFound contains a vulnerability that allows for Cross-Site Scripting (XSS) attacks through improper input neutralization during web page generation. This vulnerability can lead to unauthorized script execution in the user's browser, potentially compromising the security of web applications using this plugin. Users are advised to update to a secure version and review their implementations to prevent exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JetEngine <= 3.6.4.1

References

https://patchstack.com/database/wordpress/plugin/jet-engi...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

stealthcopter (Patchstack Alliance)

JSON

Notfound