Vulnerabilities (CVE)

Filtered by vendor Crocoblock Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39157 1 Crocoblock 1 Jetelements 2024-01-05 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
CVE-2023-48762 1 Crocoblock 1 Jetelements For Elementor 2023-12-20 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVE-2023-33212 1 Crocoblock 1 Jetformbuilder 2023-12-10 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
CVE-2023-1406 1 Crocoblock 1 Jetengine For Elementor 2023-12-10 N/A 8.8 HIGH
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
CVE-2023-0034 1 Crocoblock 1 Jetwidgets For Elementor 2023-12-10 N/A 5.4 MEDIUM
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0086 1 Crocoblock 1 Jetwidgets For Elementor 2023-12-10 N/A 6.5 MEDIUM
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be used to enable SVG uploads that could make Cross-Site Scripting possible.
CVE-2021-41844 1 Crocoblock 1 Jetengine 2023-12-10 7.5 HIGH 9.8 CRITICAL
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVE-2021-24268 1 Crocoblock 1 Jetwidgets For Elementor 2023-12-10 3.5 LOW 5.4 MEDIUM
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-38607 1 Crocoblock 1 Jetengine 2023-12-10 3.5 LOW 5.4 MEDIUM
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.