CVE-2025-64384
WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerabilityMissing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
We have discovered 3,086 live websites that are affected by CVE-2025-64384.
Affected Software
| Product |  Jetformbuilder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 3,086 live websites (54% of Jetformbuilder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 55 versions ( 90% of all versions) |
Details
- Published - Nov 13, 2025
- Updated - Apr 1, 2026
Credits
- benzdeus | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-64384 United States | 593 websites |
 Germany | 309 websites |
 Brazil | 248 websites |
 France | 165 websites |
 Netherlands | 162 websites |
 Spain | 141 websites |
 Bulgaria | 113 websites |
 GB | 105 websites |
 Canada | 85 websites |
 Italy | 84 websites |
Website Distribution by TLD
Number of websites using CVE-2025-64384| .com | 1,088 websites |
| .com.br | 203 websites |
| .de | 170 websites |
| .nl | 134 websites |
| .org | 127 websites |
| .fr | 72 websites |
| .it | 67 websites |
| .es | 56 websites |
| .ca | 52 websites |
| .ch | 51 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-64384
Top websites that are affected by CVE-2025-64384. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| *****.org | United States | **,*** | |
| ****.********.edu | United States | **,*** | |
| ****.com |  Malta | ***,*** | |
| *******.com |  Cyprus | ***,*** | |
| ***************.com | United States | ***,*** | |
| *******************.de | Germany | ***,*** | |
| **************.org | United States | ***,*** | |
| *************.com | Canada | ***,*** |
FAQ
A total of 3,086 websites have been identified as vulnerable to CVE-2025-64384, based on global website indexing conducted by WebTechSurvey.
The Jetformbuilder is affected by the CVE-2025-64384 vulnerability.
Jetformbuilder versions up to and including 3.5.3 are vulnerable to CVE-2025-64384.