CVE-2025-67923
WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.
We have discovered 62,066 live websites that are affected by CVE-2025-67923.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 62,066 live websites (74% of Crocoblock JetEngine install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 168 versions ( 94% of all versions) |
Details
- Published - Jan 22, 2026
- Updated - Jan 28, 2026
Credits
- Bonds | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-67923 United States | 13,950 websites |
 Brazil | 6,253 websites |
 Germany | 4,878 websites |
 Spain | 2,886 websites |
 France | 2,750 websites |
 Netherlands | 2,598 websites |
 GB | 2,423 websites |
 Iran | 2,219 websites |
 Israel | 2,161 websites |
 Italy | 1,798 websites |
Website Distribution by TLD
Number of websites using CVE-2025-67923| .com | 22,393 websites |
| .com.br | 5,621 websites |
| .de | 2,518 websites |
| .nl | 2,372 websites |
| .org | 2,192 websites |
| .co.uk | 1,435 websites |
| .it | 1,375 websites |
| .es | 1,195 websites |
| .fr | 1,104 websites |
| .com.au | 937 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-67923
Top websites that are affected by CVE-2025-67923. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******************.de | Germany | **,*** | |
| ******************.com | United States | **,*** | |
| ****.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| *****************.net | GB | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.com | United States | **,*** |
FAQ
A total of 62,066 websites have been identified as vulnerable to CVE-2025-67923, based on global website indexing conducted by WebTechSurvey.
The Crocoblock JetEngine is affected by the CVE-2025-67923 vulnerability.
Crocoblock JetEngine versions up to and including 3.7.7 are vulnerable to CVE-2025-67923.