Lucene search
K

89 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:32 a.m.6 views

EUVD-2026-40909

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:32 a.m.11 views

CVE-2026-11380

The CVE-2026-11380 entry concerns the WordPress plugin JetWidgets For Elementor. Affected: JetWidgets For Elementor (WordPress) versions up to and including 1.0.21. Vulnerability: Stored Cross-Site Scripting due to insufficient output escaping and missing server-side validation of the Animated Bo...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.38 views

CVE-2026-11380 JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS0.00156EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/30 4:1 p.m.4 views

WordPress JetWidgets For Elementor plugin <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin JetWidgets For Elementor versions = 1.0.21...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.14 views

CVE-2024-2507

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.9 views

CVE-2024-2138

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/15 5:48 p.m.10 views

WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions = 1.0.20...

6.4CVSS5.5AI score0.00195EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/14 8:45 a.m.9 views

CVE-2025-8195

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203247

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References6
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-8195

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00195EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/13 8:21 a.m.30 views

CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00195EPSS
Exploits0References5
CVE
CVE
added 2025/12/13 8:21 a.m.26 views

CVE-2025-8195

CVE-2025-8195 affects the WordPress plugin JetWidgets For Elementor. It is a stored cross-site scripting (XSS) vulnerability in the Image Comparison and Subscribe widgets, exploitable in all versions up to 1.0.20. The root cause is insufficient input sanitization and output escaping on user-suppl...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/13 8:21 a.m.4 views

CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.5 views

PT-2025-51105

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5AI score0.00195EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

WordPress plugin JetWidgets For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

6.4CVSS6AI score0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11182

Malware in sbrugna...

5.4CVSS5.5AI score0.0059EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37612

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00498EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-27102

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00423EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-33038

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00295EPSS
Exploits0References3
Rows per page
Query Builder