Jetelements
by Crocoblock
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39157 | Cri | 0.59 | 9.0 | 0.01 | Dec 31, 2023 | Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | ||
| CVE-2025-39447 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2025 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1. | ||
| CVE-2026-24958 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2. | ||
| CVE-2025-64355 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12. | ||
| CVE-2025-49939 | Med | 0.42 | 6.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8. | ||
| CVE-2025-49934 | Med | 0.42 | 6.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | ||
| CVE-2025-53988 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | ||
| CVE-2025-53983 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | ||
| CVE-2025-55714 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.9. | ||
| CVE-2025-53989 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.19. | ||
| CVE-2025-53982 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | ||
| CVE-2025-39448 | Med | 0.42 | 6.5 | 0.00 | May 19, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1. | ||
| CVE-2025-30987 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16. | ||
| CVE-2023-48762 | Med | 0.41 | 6.3 | 0.00 | Dec 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||
| CVE-2025-0371 | 0.00 | — | 0.00 | Jan 21, 2025 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated… | |||
| CVE-2024-7144 | 0.00 | — | 0.00 | Aug 16, 2024 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | |||
| CVE-2024-7145 | 0.00 | — | 0.01 | Aug 16, 2024 | The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute… | |||
| CVE-2023-48759 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||
| CVE-2023-48760 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||
| CVE-2023-48761 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. |
- risk 0.59cvss 9.0epss 0.01
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18.
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.9.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.19.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
- risk 0.41cvss 6.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2025-0371Jan 21, 2025risk 0.00cvss —epss 0.00
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
- CVE-2024-7144Aug 16, 2024risk 0.00cvss —epss 0.00
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- CVE-2024-7145Aug 16, 2024risk 0.00cvss —epss 0.01
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute…
- CVE-2023-48759Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48760Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48761Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.