Vendor CVEs
Crocoblock
All CVEs
78 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53984 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows Stored XSS.This issue affects JetTabs: from n/a through <= 2.2.9. | ||
| CVE-2025-53982 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | ||
| CVE-2025-39450 | Med | 0.42 | 6.5 | 0.00 | May 19, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.7. | ||
| CVE-2025-39448 | Med | 0.42 | 6.5 | 0.00 | May 19, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1. | ||
| CVE-2025-26870 | Med | 0.42 | 6.5 | 0.00 | Apr 15, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through <= 3.6.4.1. | ||
| CVE-2025-26744 | Med | 0.42 | 6.5 | 0.00 | Apr 15, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through <= 2.4.3. | ||
| CVE-2025-30963 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through <= 3.6.3. | ||
| CVE-2025-31412 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS.This issue affects JetProductGallery: from n/a through <= 2.1.22. | ||
| CVE-2025-31043 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.7. | ||
| CVE-2025-30987 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16. | ||
| CVE-2025-0369 | Med | 0.42 | 6.4 | 0.00 | Jan 18, 2025 | The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-7136 | Med | 0.42 | 6.4 | 0.00 | Aug 16, 2024 | The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-38772 | Med | 0.42 | 6.5 | 0.01 | Aug 1, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7. | ||
| CVE-2024-2507 | Med | 0.42 | 6.4 | 0.00 | Apr 9, 2024 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible… | ||
| CVE-2023-48762 | Med | 0.41 | 6.3 | 0.00 | Dec 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||
| CVE-2024-4626 | Med | 0.35 | 6.4 | 0.00 | Jun 20, 2024 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-2138 | Med | 0.35 | 6.4 | 0.00 | Apr 9, 2024 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | ||
| CVE-2023-0086 | Med | 0.35 | 5.4 | 0.00 | Jan 5, 2023 | The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's… | ||
| CVE-2025-68502 | Med | 0.28 | 4.3 | 0.00 | Dec 29, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through <= 2.0.20.1. | ||
| CVE-2025-0371 | 0.00 | — | 0.00 | Jan 21, 2025 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated… | |||
| CVE-2024-10323 | 0.00 | — | 0.00 | Nov 12, 2024 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | |||
| CVE-2024-7144 | 0.00 | — | 0.00 | Aug 16, 2024 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | |||
| CVE-2024-7145 | 0.00 | — | 0.01 | Aug 16, 2024 | The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute… | |||
| CVE-2023-48759 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||
| CVE-2023-48760 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||
| CVE-2023-48761 | 0.00 | — | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||
| CVE-2021-41844 | 0.00 | — | 0.01 | Dec 15, 2021 | Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | |||
| CVE-2021-38607 | 0.00 | — | 0.01 | Aug 16, 2021 | Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows Stored XSS.This issue affects JetTabs: from n/a through <= 2.2.9.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through <= 3.6.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through <= 2.4.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through <= 3.6.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS.This issue affects JetProductGallery: from n/a through <= 2.1.22.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
- risk 0.42cvss 6.4epss 0.00
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.4epss 0.00
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7.
- risk 0.42cvss 6.4epss 0.00
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…
- risk 0.41cvss 6.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- risk 0.35cvss 6.4epss 0.00
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- risk 0.35cvss 5.4epss 0.00
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's…
- risk 0.28cvss 4.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through <= 2.0.20.1.
- CVE-2025-0371Jan 21, 2025risk 0.00cvss —epss 0.00
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
- CVE-2024-10323Nov 12, 2024risk 0.00cvss —epss 0.00
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2024-7144Aug 16, 2024risk 0.00cvss —epss 0.00
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- CVE-2024-7145Aug 16, 2024risk 0.00cvss —epss 0.01
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute…
- CVE-2023-48759Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48760Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48761Jun 19, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2021-41844Dec 15, 2021risk 0.00cvss —epss 0.01
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
- CVE-2021-38607Aug 16, 2021risk 0.00cvss —epss 0.01
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
Page 2 of 2