Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Crocoblock Subscribe
Filtered by product Jetwidgets For Elementor
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0034 1 Crocoblock 1 Jetwidgets For Elementor 2023-03-06 N/A 5.4 MEDIUM
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0086 1 Crocoblock 1 Jetwidgets For Elementor 2023-01-11 N/A 6.5 MEDIUM
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be used to enable SVG uploads that could make Cross-Site Scripting possible.
CVE-2021-24268 1 Crocoblock 1 Jetwidgets For Elementor 2021-05-07 3.5 LOW 5.4 MEDIUM
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.