Vulnerabilities > Crocoblock

DATE CVE VULNERABILITY TITLE RISK
2024-08-16 CVE-2024-7144 Cross-site Scripting vulnerability in Crocoblock Jetelements
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping.
network
low complexity
crocoblock CWE-79
5.4
2024-08-16 CVE-2024-7145 Path Traversal vulnerability in Crocoblock Jetelements
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter.
network
low complexity
crocoblock CWE-22
8.8
2024-06-20 CVE-2024-4626 Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping.
network
low complexity
crocoblock CWE-79
5.4
2024-06-19 CVE-2023-48759 Missing Authorization vulnerability in Crocoblock Jetelements
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
network
low complexity
crocoblock CWE-862
7.5
2024-06-19 CVE-2023-48760 Missing Authorization vulnerability in Crocoblock Jetelements
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
network
low complexity
crocoblock CWE-862
critical
9.8
2024-06-19 CVE-2023-48761 Missing Authorization vulnerability in Crocoblock Jetelements
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
network
low complexity
crocoblock CWE-862
6.3
2023-12-31 CVE-2023-39157 Code Injection vulnerability in Crocoblock Jetelements
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
network
low complexity
crocoblock CWE-94
8.8
2023-12-18 CVE-2023-48762 Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetelements for Elementor
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
network
low complexity
crocoblock CWE-352
8.8
2023-05-28 CVE-2023-33212 Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetformbuilder
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
network
low complexity
crocoblock CWE-352
8.8
2023-04-10 CVE-2023-1406 Unrestricted Upload of File with Dangerous Type vulnerability in Crocoblock Jetengine for Elementor
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
network
low complexity
crocoblock CWE-434
8.8