Lucene search
K

89 matches found

wpexploit
wpexploit
added 2022/12/21 12:0 a.m.107 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks jw-posts showimage='yes'...

5.4CVSS1.5AI score0.00477EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/12/21 12:0 a.m.18 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC jw-posts showimage='yes'...

5.4CVSS3.1AI score0.00477EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2021/05/10 12:0 a.m.6 views

WordPress JetWidgets For Elementor Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress JetWidgets For Elementor Plugin versions prior to 1.0.9. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS6AI score0.0059EPSS
Exploits0References1
OSV
OSV
added 2021/05/05 7:15 p.m.8 views

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS6.1AI score0.0059EPSS
Exploits0References2
NVD
NVD
added 2021/05/05 7:15 p.m.19 views

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS0.0059EPSS
Exploits0References2
Prion
Prion
added 2021/05/05 7:15 p.m.19 views

Cross site scripting

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

3.5CVSS5.2AI score0.0059EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/05 6:28 p.m.57 views

CVE-2021-24268

CVE-2021-24268 concerns the WordPress JetWidgets For Elementor plugin, affected versions prior to 1.0.9. The vulnerability is a stored Cross-Site Scripting (XSS) in multiple widgets, exploitable by lower-privilege users (e.g., contributors) via a similar method. The issue is documented across mul...

5.4CVSS5.2AI score0.0059EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/05/05 12:0 a.m.8 views

WordPress Widgets For Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress JetWidgets For Elementor Plugin versions prior to 1.0.9. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS5.3AI score0.0059EPSS
Exploits0References3
Patchstack
Patchstack
added 2021/04/13 12:0 a.m.10 views

WordPress JetWidgets For Elementor plugin <= 1.0.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress JetWidgets For Elementor plugin versions = 1.0.8. Solution Update the WordPress JetWidgets For Elementor plugin to the latest available version at least 1.0.9...

2.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder