Crocoblock Jetwidgets_for_elementor
7 CVEs affecting Crocoblock Jetwidgets_for_elementor. Latest disclosed: 2024-11-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-10323 | Medium | 6.4 | 2024-11-12 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and includi… |
CVE-2024-4626 | Medium | 6.4 | 2024-06-20 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to… |
CVE-2024-2507 | Medium | 6.4 | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including… |
CVE-2024-2138 | Medium | 6.4 | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including… |
CVE-2023-0034 | Medium | 5.4 | 2023-02-13 | The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page… |
CVE-2023-0086 | Medium | 5.4 | 2023-01-05 | The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing… |
CVE-2021-24268 | Medium | 5.4 | 2021-05-05 | The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged u… |