Lucene search
K

89 matches found

Patchstack
Patchstack
added 2024/03/21 12:0 a.m.12 views

WordPress JetWidgets For Elementor Plugin <= 1.0.16 is vulnerable to Cross Site Scripting (XSS)

Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.16 Fixed in 1.0.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2507 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d49ae8fd6e0 Credits João Pedro...

6.4CVSS6AI score0.0034EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.12 views

WordPress JetWidgets For Elementor Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2138 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1b9d613d73ad Credits Francesco...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/02/13 3:15 p.m.22 views

CVE-2023-0034

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.3AI score0.00477EPSS
Exploits2References1
OSV
OSV
added 2023/02/13 3:15 p.m.5 views

CVE-2023-0034

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.1AI score0.00477EPSS
Exploits2References1
Prion
Prion
added 2023/02/13 3:15 p.m.20 views

Cross site scripting

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

4.9CVSS5.4AI score0.00477EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/02/13 2:32 p.m.67 views

CVE-2023-0034

Affected product: JetWidgets For Elementor WordPress plugin. Vulnerability: Stored Cross-Site Scripting via shortcode attributes not being validated/escaped before output. Root cause: Attributes of the plugin shortcode are not properly sanitized, enabling injection. Impact: Contributors and highe...

5.4CVSS5.3AI score0.00477EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.9 views

CVE-2023-0034 JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.3AI score0.00477EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

WordPress plugin JetWidgets For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00477EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.6 views

PT-2023-15960 · WordPress · Jetwidgets For Elementor

Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor WordPress plugin versions prior to 1.0.14 Description: The issue concerns the JetWidgets For Elementor WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting...

5.4CVSS5.8AI score0.00477EPSS
Exploits2References6
Patchstack
Patchstack
added 2023/01/19 12:0 a.m.13 views

WordPress JetWidgets For Elementor Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0034 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 896a74da0932 Credits Lana...

5.4CVSS5.9AI score0.00477EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/01/05 5:15 p.m.6 views

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

6.5CVSS6.5AI score0.00333EPSS
Exploits0References3
NVD
NVD
added 2023/01/05 5:15 p.m.24 views

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

6.5CVSS5.4AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2023/01/05 5:15 p.m.10 views

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/05 4:21 p.m.10 views

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

5.4CVSS6AI score0.00333EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/01/05 4:21 p.m.29 views

CVE-2023-0086 JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

5.4CVSS6.2AI score0.00333EPSS
Exploits0References3
CVE
CVE
added 2023/01/05 4:21 p.m.57 views

CVE-2023-0086

The CVE-2023-0086 entry concerns the WordPress JetWidgets for Elementor plugin. A CSRF vulnerability exists in versions up to 1.0.12 due to missing nonce validation on the save() function, allowing unauthenticated attackers to forge requests to modify plugin settings if a site admin interacts wit...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.8 views

PT-2023-16001 · WordPress · Jetwidgets For Elementor

Name of the Vulnerable Software and Affected Versions: JetWidgets for Elementor plugin for WordPress versions up to, and including, 1.0.12 Description: The issue is due to missing nonce validation on the save function, allowing unauthenticated attackers to modify the plugin's settings via a forge...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.6 views

WordPress plugin JetWidgets for Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JetWidgets...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/01/05 12:0 a.m.14 views

WordPress JetWidgets For Elementor Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-0086 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8656a01af81e Credits...

6.5CVSS6.8AI score0.00333EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.19 views

JetWidgets for Elementor < 1.0.13 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS4.7AI score0.00333EPSS
Exploits0Affected Software1
Rows per page
Query Builder