89 matches found
CVE-2024-38772 WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7...
WordPress plugin JetWidgets for Elementor and WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-28208 · Crocoblock · Crocoblock Jetwidgets For Elementor/Woocommerce
Name of the Vulnerable Software and Affected Versions: Crocoblock JetWidgets for Elementor and WooCommerce versions 1.1.7 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows P...
WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability
Contributor+ Limited Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin JetWidgets for Elementor and WooCommerce versions = 1.1.7...
WordPress JetWidgets for Elementor and WooCommerce Plugin <= 1.1.7 is vulnerable to Local File Inclusion
Software JetWidgets for Elementor and WooCommerce Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f1a24339fa6 Credits João...
CVE-2024-4626
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouttype’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouttype’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4626
CVE-2024-4626 affects the JetWidgets For Elementor plugin for WordPress. It enables Stored Cross-Site Scripting via the layout_type and id parameters in all versions
WordPress plugin JetWidgets For Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress JetWidgets For Elementor plugin <= 1.0.17 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin JetWidgets For Elementor versions = 1.0.17...
WordPress JetWidgets For Elementor Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.17 Fixed in 1.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4626 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b1769bce3b2 Credits stealthcopter...
CVE-2024-2507
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2507
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2138
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2138 JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2507
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin JetWidgets For Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-20723 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Stored Cross-Site Scripting via the widget button URL due to insufficient input sanitization and output escaping on...
PT-2024-18864 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.15 Description: The issue is related to Stored Cross-Site Scripting via the Animated Box widget due to insufficient input sanitization and output escaping. This...
WordPress Plugin JetWidgets For Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...