Vulnerabilities > Crocoblock
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-16 | CVE-2024-7144 | Cross-site Scripting vulnerability in Crocoblock Jetelements The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-16 | CVE-2024-7145 | Path Traversal vulnerability in Crocoblock Jetelements The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. | 8.8 |
2024-06-20 | CVE-2024-4626 | Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-19 | CVE-2023-48759 | Unspecified vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 7.5 |
2024-06-19 | CVE-2023-48760 | Unspecified vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 9.8 |
2024-06-19 | CVE-2023-48761 | Unspecified vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 6.3 |
2023-12-31 | CVE-2023-39157 | Unspecified vulnerability in Crocoblock Jetelements Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | 8.8 |
2023-12-18 | CVE-2023-48762 | Unspecified vulnerability in Crocoblock Jetelements for Elementor Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 8.8 |
2023-05-28 | CVE-2023-33212 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetformbuilder Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. | 8.8 |
2023-04-10 | CVE-2023-1406 | Unrestricted Upload of File with Dangerous Type vulnerability in Crocoblock Jetengine for Elementor The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | 8.8 |