Crocoblock Security Vulnerabilities

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48759

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48761

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48763

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through...

CVE-2023-48757

Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through...

CVE-2023-37866

Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through...

CVE-2023-39157

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48762

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through...

CVE-2023-0034

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution...

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a...

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form...

CVE-2023-33212

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6...

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form...

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar...