WordPress Plugin Vulnerabilities

JetFormBuilder < 3.5.4 - Missing Authorization

Description

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
jetformbuilder
Fixed in 3.5.4

References

CVE
CVE-2025-64384
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f52f1866-cd9d-4443-85c8-e0e7e50f3fbc

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
benzdeus
Verified
No
WPVDB ID
a37dcc9d-df12-447d-b649-a1c8ccbca43c

Timeline

Publicly Published
2025-11-29 (about 5 months ago)
Added
2025-12-01 (about 5 months ago)
Last Updated
2025-12-01 (about 5 months ago)

Other

Published
Title
Published
2022-07-26
Title
Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation
Published
2026-01-08
Title
Forminator Forms < 1.49.2 - Forminator User+ CSV Export
Published
2024-04-24
Title
Popup Box – Best WordPress Popup Plugin < 4.3.7 - Missing Authorization to Information Exposure
Published
2025-12-30
Title
WpStream < 4.9.6 - Missing Authorization
Published
2024-12-05
Title
AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update