Vulnerabilities > Crocoblock > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-16 | CVE-2024-7145 | Path Traversal vulnerability in Crocoblock Jetelements The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. | 8.8 |
| 2024-06-19 | CVE-2023-48759 | Missing Authorization vulnerability in Crocoblock Jetelements Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 7.5 |
| 2023-12-31 | CVE-2023-39157 | Code Injection vulnerability in Crocoblock Jetelements Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | 8.8 |
| 2023-12-18 | CVE-2023-48762 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetelements for Elementor Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | 8.8 |
| 2023-05-28 | CVE-2023-33212 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock Jetformbuilder Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. | 8.8 |
| 2023-04-10 | CVE-2023-1406 | Unrestricted Upload of File with Dangerous Type vulnerability in Crocoblock Jetengine for Elementor The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | 8.8 |