89 matches found
WordPress JetWidgets For Elementor Plugin <= 1.0.16 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.16 Fixed in 1.0.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2507 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d49ae8fd6e0 Credits João Pedro...
WordPress JetWidgets For Elementor Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2138 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1b9d613d73ad Credits Francesco...
CVE-2023-0034
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0034
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Cross site scripting
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0034
Affected product: JetWidgets For Elementor WordPress plugin. Vulnerability: Stored Cross-Site Scripting via shortcode attributes not being validated/escaped before output. Root cause: Attributes of the plugin shortcode are not properly sanitized, enabling injection. Impact: Contributors and highe...
CVE-2023-0034 JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress plugin JetWidgets For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-15960 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor WordPress plugin versions prior to 1.0.14 Description: The issue concerns the JetWidgets For Elementor WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting...
WordPress JetWidgets For Elementor Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0034 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 896a74da0932 Credits Lana...
CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...
CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...
CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...
CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...
CVE-2023-0086 JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...
CVE-2023-0086
The CVE-2023-0086 entry concerns the WordPress JetWidgets for Elementor plugin. A CSRF vulnerability exists in versions up to 1.0.12 due to missing nonce validation on the save() function, allowing unauthenticated attackers to forge requests to modify plugin settings if a site admin interacts wit...
PT-2023-16001 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets for Elementor plugin for WordPress versions up to, and including, 1.0.12 Description: The issue is due to missing nonce validation on the save function, allowing unauthenticated attackers to modify the plugin's settings via a forge...
WordPress plugin JetWidgets for Elementor 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JetWidgets...
WordPress JetWidgets For Elementor Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-0086 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8656a01af81e Credits...
JetWidgets for Elementor < 1.0.13 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...