Missing Authorization in JetFormBuilder by JetMonsters
CVE-2025-64384

Currently unrated

Key Information:

Vendor

WordPress
Status
Jetformbuilder
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64384?

A vulnerability exists in JetFormBuilder by JetMonsters due to missing authorization checks that can lead to incorrectly configured access control security levels. This vulnerability allows unauthorized access to sensitive functionality within the plugin. Affected versions include JetFormBuilder up to version 3.5.3. Users of this plugin should implement immediate measures to rectify the access control issues to secure their applications.

Affected Version(s)

JetFormBuilder <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/jetf...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

benzdeus | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64384 : Missing Authorization in JetFormBuilder by JetMonsters