Crocoblock

Jetelements

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-24958

  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 14:08:34
  • Zuletzt bearbeitet 03.02.2026 19:16:22

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.

5.4

CVE-2025-0371

  • EPSS 0.11%
  • Veröffentlicht 21.01.2025 09:15:07
  • Zuletzt bearbeitet 31.01.2025 20:16:11

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...

8.8

CVE-2024-7145

  • EPSS 0.57%
  • Veröffentlicht 16.08.2024 14:15:15
  • Zuletzt bearbeitet 13.09.2024 14:39:44

The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

5.4

CVE-2024-7144

  • EPSS 0.22%
  • Veröffentlicht 16.08.2024 14:15:14
  • Zuletzt bearbeitet 13.09.2024 14:40:14

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2

CVE-2024-7291

  • EPSS 0.21%
  • Veröffentlicht 03.08.2024 07:16:25
  • Zuletzt bearbeitet 05.08.2024 12:41:45

The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrat...

7.5

CVE-2023-48759

  • EPSS 0.48%
  • Veröffentlicht 19.06.2024 11:15:50
  • Zuletzt bearbeitet 21.11.2024 08:32:23

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

9.8

CVE-2023-48760

  • EPSS 0.26%
  • Veröffentlicht 19.06.2024 11:15:50
  • Zuletzt bearbeitet 21.11.2024 08:32:23

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

6.3

CVE-2023-48761

  • EPSS 0.1%
  • Veröffentlicht 19.06.2024 11:15:50
  • Zuletzt bearbeitet 21.11.2024 08:32:23

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

8.8

CVE-2023-39157

  • EPSS 0.33%
  • Veröffentlicht 31.12.2023 10:15:07
  • Zuletzt bearbeitet 21.11.2024 08:14:49

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.