3 matches found
CVE-2023-0034 JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0034
Affected product: JetWidgets For Elementor WordPress plugin. Vulnerability: Stored Cross-Site Scripting via shortcode attributes not being validated/escaped before output. Root cause: Attributes of the plugin shortcode are not properly sanitized, enabling injection. Impact: Contributors and highe...
WordPress JetWidgets For Elementor Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0034 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 896a74da0932 Credits Lana...