PatchSiren

Jetmonsters CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Jetmonsters CVE published 2026-06-17

CVE-2026-54196

CVE-2026-54196 is a medium-severity vulnerability (CVSS Score: 6.8) affecting JetFormBuilder versions <= 3.6.1. This issue allows subscribers to escalate their privileges. The vulnerability was published on 2026-06-17T13:20:50.960Z and last modified on 2026-06-17T14:44:26.397Z. Users of affected versions should take immediate action to mitigate potential risks. The CVE record and NVD detail provide furthe [truncated]

HIGH Jetmonsters CVE published 2026-06-17

CVE-2026-54195

CVE-2026-54195 is a HIGH severity vulnerability in JetFormBuilder versions <= 3.6.0.1. It allows unauthenticated Cross Site Scripting (XSS) attacks. The CVSS score is 7.1. The vulnerability was published on 2026-06-17T13:20:50.820Z and last modified on 2026-06-17T17:17:26.393Z. Users of affected versions should take immediate action to mitigate the risk.

MEDIUM jetmonsters CVE published 2026-05-28

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in all versions up to and including 2.4.16. The vulnerability exists in the `action_get_event_data` functionality, which fails to validate user-controlled keys. Authenticated attackers with contributor-level access or higher can enumerate timeslot IDs and retrieve complete WP_Post ob [truncated]