CVE-2026-54189 Jetimpex Inc. CVE debrief

Who should care

Administrators and users of the JetEngine plugin, especially those using versions up to 3.8.10, should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

CVE-2026-54189 is an Unauthenticated Cross Site Scripting (XSS) vulnerability in the JetEngine plugin. The vulnerability has a CVSS score of 7.1 and a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. It is classified under CWE-79. The vulnerability was published on June 17, 2026, and has not been reported to be exploited in the wild.

Defensive priority

High

Recommended defensive actions

• Update the JetEngine plugin to a version greater than 3.8.10.
• Implement a Web Application Firewall (WAF) to detect and prevent XSS attacks.
• Regularly monitor plugin and software updates.
• Use secure coding practices and validate user input.
• Limit access to sensitive areas of the plugin.
• Perform regular security audits and vulnerability assessments.
• Consider using a security plugin or service to monitor and protect against threats.

Evidence notes

The vulnerability information is based on data from the CVE.org and NVD databases. The CVE record and NVD details provide further information on this vulnerability. The Patchstack database also provides additional information on this vulnerability.

Official resources