WordPress · Jetformbuilder · CVE-2025-11991
**Name of the Vulnerable Software and Affected Versions**
JetFormBuilder versions up to and including 3.5.3
**Description**
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the `run callback` function permits unauthenticated attackers to generate forms using AI, potentially exhausting the site's AI usage limits.
**Recommendations**
Update to version 3.5.4 or later.