Lucene search
+L
CrocoblockJetelements

7 matches found

CVE
CVE
added 2024/06/19 10:32 a.m.2639 views

CVE-2023-48759

CVE-2023-48759 is a Missing Authorization vulnerability in Crocoblock JetElements For Elementor (affected: Elementor JetElements <= 2.6.13). The issue allows unauthenticated users to download arbitrary attachments due to a missing authorization check on the download path (arbitrary attachment ...

7.5CVSS7.5AI score0.00399EPSS
CVE
CVE
added 2024/06/19 10:21 a.m.84 views

CVE-2023-48760

CVE-2023-48760 is a Missing Authorization / Broken Access Control issue affecting Crocoblock JetElements and related Elementor Jet plugins. Connected Patchstack entries confirm unauthenticated access issues for multiple Crocoblock plugins, including: JetElements: vulnerable <= 2.6.13; fixed in...

9.8CVSS8.9AI score0.00445EPSS
CVE
CVE
added 2025/01/21 8:21 a.m.71 views

CVE-2025-0371

CVE-2025-0371 concerns the WordPress JetElements plugin, with stored cross-site scripting in multiple widgets in all versions up to 2.7.2.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker (contributor level or ...

6.4CVSS5.8AI score0.00282EPSS
CVE
CVE
added 2024/06/19 10:20 a.m.70 views

CVE-2023-48761

CVE-2023-48761 is a Broken Access Control (Missing Authorization) vulnerability involving Crocoblock Jira elements suite (JetElements and related plugins). The Initial CVE notes exposure in JetElements For Elementor up to version 2.6.13. Connected sources show Crocoblock plugins affected under CV...

6.3CVSS6.2AI score0.00268EPSS
CVE
CVE
added 2024/08/16 1:48 p.m.64 views

CVE-2024-7145

CVE-2024-7145 : JetElements (WordPress) is vulnerable to authenticated Local File Inclusion via the progress_type parameter in versions up to 2.6.20. Exploitation allows an authenticated attacker (Contributor+ level) to include and execute arbitrary PHP files on the server, bypassing some access ...

8.8CVSS8.9AI score0.00901EPSS
CVE
CVE
added 2024/08/16 1:48 p.m.62 views

CVE-2024-7144

JetElements for WordPress (JetElements plugin) is affected by CVE-2024-7144: all versions up to 2.6.20 are vulnerable to Stored Cross-Site Scripting via the id and slide_id parameters due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (Contributor+)...

6.4CVSS5.7AI score0.0025EPSS
CVE
CVE
added 2023/12/31 10:4 a.m.55 views

CVE-2023-39157

CVE-2023-39157 is tied to Crocoblock JetElements for Elementor. The issue is an Improper Control of Generation of Code (Code Injection) that enables Remote Code Execution on JetElements For Elementor versions

9CVSS8.6AI score0.00585EPSS