What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20.
Explanation of Vulnerability in Simple Terms
02Summary
JetWooBuilder versions up to 2.1.20 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 2.1.20 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive data they should not have access to with a low-privilege account.
Potential impact on your site
04Site Impact
User data may be exposed to authenticated attackers with limited permissions.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the site.
Key dates
06Disclosure timeline
August 20, 2025
CVE published
April 29, 2026
Record updated