CRITICAL
Crocoblock
CVE published 2026-05-25
CVE-2026-42774
A critical SQL injection vulnerability (CWE-89) in Crocoblock JetEngine, a WordPress plugin, allows unauthenticated attackers to execute arbitrary SQL commands. The vulnerability affects all versions from n/a through 3.8.8.1. With a CVSS 3.1 score of 9.3 (Critical), this represents a severe risk to WordPress sites using the affected plugin, particularly due to the network-attackable vector, low attack com [truncated]