Home / Vulnerability Intelligence / CVE-2026-32525

CVE-2026-32525 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 25, 2026

Jetmonsters JetFormBuilder - Code Injection

Published: March 25, 2026Updated: March 25, 2026Remote Exploitable

Overview

Jetmonsters JetFormBuilder <= 3.5.6.1 contains a code injection vulnerability caused by improper control of code generation, letting attackers inject and execute arbitrary code, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 4.7%(Probability of exploitation in next 30 days)

Impact

Attackers can inject and execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version beyond 3.5.6.1.

References

https://patchstack.com/database/Wordpress/Plugin/jetformbuilder/vulnerability/wordpress-jetformbuilder-plugin-3-5-6-1-remote-code-execution-rce-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 25, 2026

🔴 CVE-2026-32525 - Critical (9.9) Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32525/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32525
Severity: Critical
CVSS Score: 9.9
Type: command_injection
Status: new
EPSS: 4.7%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.7%Probability of exploitation in the next 30 days