Jetwidgets For Elementor Security Vulnerabilities and Issues — Jetwidgets For Elementor CVE List

Lucene search

CrocoblockJetwidgets For Elementor

8 matches found

CVE•added 2024/11/12 7:15 a.m.•77 views

CVE-2024-10323

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.7AI score0.00027EPSS

CVE•added 2024/04/09 7:15 p.m.•57 views

CVE-2024-2507

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta...

6.4CVSS7.6AI score0.00144EPSS

CVE•added 2024/04/09 7:15 p.m.•54 views

CVE-2024-2138

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-le...

6.4CVSS7.6AI score0.00229EPSS

CVE•added 2023/02/13 3:15 p.m.•51 views

CVE-2023-0034

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4CVSS5.3AI score0.00275EPSS

CVE•added 2024/06/20 2:15 a.m.•48 views

CVE-2024-4626

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...

6.4CVSS5.5AI score0.00079EPSS

CVE•added 2021/05/05 7:15 p.m.•44 views

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

5.4CVSS5.2AI score0.00222EPSS

CVE•added 2024/08/01 9:15 p.m.•36 views

CVE-2024-38772

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7.

6.5CVSS6.6AI score0.00396EPSS

CVE•added 2023/01/05 5:15 p.m.•35 views

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

6.5CVSS5.9AI score0.00057EPSS