Vulnerabilities > Crocoblock > Jetwidgets FOR Elementor > 1.0.15

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-10323 Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping.
network
low complexity
crocoblock CWE-79
5.4
5.4
2024-04-09 CVE-2024-2138 Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.
network
low complexity
crocoblock CWE-79
5.4
5.4
2024-04-09 CVE-2024-2507 Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
crocoblock CWE-79
5.4
5.4