89 matches found
JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks jw-posts showimage='yes'...
JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC jw-posts showimage='yes'...
WordPress JetWidgets For Elementor Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress JetWidgets For Elementor Plugin versions prior to 1.0.9. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
CVE-2021-24268
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
CVE-2021-24268
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
Cross site scripting
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
CVE-2021-24268
CVE-2021-24268 concerns the WordPress JetWidgets For Elementor plugin, affected versions prior to 1.0.9. The vulnerability is a stored Cross-Site Scripting (XSS) in multiple widgets, exploitable by lower-privilege users (e.g., contributors) via a similar method. The issue is documented across mul...
WordPress Widgets For Elementor 跨站脚本漏洞
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress JetWidgets For Elementor Plugin versions prior to 1.0.9. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
WordPress JetWidgets For Elementor plugin <= 1.0.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress JetWidgets For Elementor plugin versions = 1.0.8. Solution Update the WordPress JetWidgets For Elementor plugin to the latest available version at least 1.0.9...