GCVE - cpe:2.3:a:crocoblock:jettabs:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:crocoblock:jettabs:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Crocoblock (`ef7ce6af-89c8-5e74-9d86-961d95db36f9`)
Product	Jettabs (`2d74ded5-3cab-5b8c-a6f1-d1c709d11d41`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-68499`	vulnerable	2026-06-03 15:11:03.411232	WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.12. Published: 2025-12-29T23:10:45.157Z Updated: 2026-04-28T16:14:28.744Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-68498`	vulnerable	2026-06-03 15:11:03.410892	WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12. Published: 2025-12-29T23:13:35.444Z Updated: 2026-04-28T16:14:28.789Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-54687`	vulnerable	2026-06-03 15:04:56.541293	WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.9.1. Published: 2025-08-14T10:34:48.750Z Updated: 2026-05-12T00:31:36.190Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-plugin-2-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53985`	vulnerable	2026-06-03 15:03:55.414981	WordPress JetTabs <= 2.2.9 - Sensitive Data Exposure Vulnerability MEDIUM (6.5) Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. Published: 2025-08-20T08:03:08.749Z Updated: 2026-04-29T09:51:55.595Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-2-2-9-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53984`	vulnerable	2026-06-03 15:03:55.414648	WordPress JetTabs plugin <= 2.2.9 - Cross Site Scripting (XSS) Vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows Stored XSS.This issue affects JetTabs: from n/a through <= 2.2.9. Published: 2025-07-16T10:36:10.911Z Updated: 2026-04-28T16:13:27.026Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-39450`	vulnerable	2026-06-03 15:01:02.384089	WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.7. Published: 2025-05-19T17:32:19.805Z Updated: 2026-04-28T16:12:31.920Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7146`	vulnerable	2026-06-03 14:58:05.152280	JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion HIGH (8.8) The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Published: 2024-08-16T10:59:55.760Z Updated: 2026-04-08T17:12:56.229Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a401a2dd-9b31-47d9-b841-f2e7042b8333?source=cve https://crocoblock.com/plugins/jettabs/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.