Crocoblock JetEngine allows hackers to inject malicious code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.5

Crocoblock JetEngine allows hackers to inject malicious code

CVE-2026-28134

Summary

Crocoblock JetEngine, a popular WordPress plugin, has a security issue that allows unauthorized individuals to inject malicious code. This could lead to unauthorized access to your website or data theft. Update to version 3.7.3 or later to fix this issue.

Original title

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

Original description

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

nvd CVSS3.1 8.5

Vulnerability type

CWE-94 Code Injection

https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpr...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026