CVE-2025-53998 MEDIUM

CVE-2025-53998: WordPress JetWooBuilder <= 2.1.20 - Sensitive Data Exposure Vulnerability

Vendor Crocoblock
Product JetWooBuilder
Weakness CWE-201
Published August 20, 2025
Last update April 29, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20.

Explanation of Vulnerability in Simple Terms

02Summary

JetWooBuilder versions up to 2.1.20 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 2.1.20 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Read sensitive data they should not have access to with a low-privilege account.

Potential impact on your site

04Site Impact

User data may be exposed to authenticated attackers with limited permissions.

Conditions required to exploit

05Prerequisites

Attacker must have a valid low-privilege user account on the site.

Key dates

06Disclosure timeline

August 20, 2025 CVE published
April 29, 2026 Record updated