Vulnerabilities > Crocoblock
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-31 | CVE-2023-39157 | Code Injection vulnerability in Crocoblock Jetelements Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | 8.8 |
| 2023-12-18 | CVE-2023-48762 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetelements for Elementor Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 8.8 |
| 2023-05-28 | CVE-2023-33212 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetformbuilder Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. | 8.8 |
| 2023-04-10 | CVE-2023-1406 | Unrestricted Upload of File with Dangerous Type vulnerability in Crocoblock Jetengine for Elementor The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | 8.8 |
| 2023-02-13 | CVE-2023-0034 | Unspecified vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2023-01-05 | CVE-2023-0086 | Unspecified vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. | 6.5 |
| 2021-12-15 | CVE-2021-41844 | Unspecified vulnerability in Crocoblock Jetengine Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | 9.8 |
| 2021-08-16 | CVE-2021-38607 | Cross-site Scripting vulnerability in Crocoblock Jetengine Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. | 3.5 |