CVE-2025-11991

Name of the Vulnerable Software and Affected Versions JetFormBuilder versions up to and including 3.5.3

Description The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the run callback function permits unauthenticated attackers to generate forms using AI, potentially exhausting the site's AI usage limits.

Recommendations Update to version 3.5.4 or later.