7 matches found
CVE-2023-48759
CVE-2023-48759 is a Missing Authorization vulnerability in Crocoblock JetElements For Elementor (affected: Elementor JetElements <= 2.6.13). The issue allows unauthenticated users to download arbitrary attachments due to a missing authorization check on the download path (arbitrary attachment ...
CVE-2023-48760
CVE-2023-48760 is a Missing Authorization / Broken Access Control issue affecting Crocoblock JetElements and related Elementor Jet plugins. Connected Patchstack entries confirm unauthenticated access issues for multiple Crocoblock plugins, including: JetElements: vulnerable <= 2.6.13; fixed in...
CVE-2025-0371
CVE-2025-0371 concerns the WordPress JetElements plugin, with stored cross-site scripting in multiple widgets in all versions up to 2.7.2.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker (contributor level or ...
CVE-2023-48761
CVE-2023-48761 is a Broken Access Control (Missing Authorization) vulnerability involving Crocoblock Jira elements suite (JetElements and related plugins). The Initial CVE notes exposure in JetElements For Elementor up to version 2.6.13. Connected sources show Crocoblock plugins affected under CV...
CVE-2024-7145
CVE-2024-7145 : JetElements (WordPress) is vulnerable to authenticated Local File Inclusion via the progress_type parameter in versions up to 2.6.20. Exploitation allows an authenticated attacker (Contributor+ level) to include and execute arbitrary PHP files on the server, bypassing some access ...
CVE-2024-7144
JetElements for WordPress (JetElements plugin) is affected by CVE-2024-7144: all versions up to 2.6.20 are vulnerable to Stored Cross-Site Scripting via the id and slide_id parameters due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (Contributor+)...
CVE-2023-39157
CVE-2023-39157 is tied to Crocoblock JetElements for Elementor. The issue is an Improper Control of Generation of Code (Code Injection) that enables Remote Code Execution on JetElements For Elementor versions