Filtered by vendor Crocoblock Subscriptions
Total 64 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-41844 1 Crocoblock 1 Jetengine 2024-11-21 9.8 Critical
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVE-2021-38607 1 Crocoblock 1 Jetengine 2024-11-21 5.4 Medium
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
CVE-2021-24268 1 Crocoblock 1 Jetwidgets For Elementor 2024-11-21 5.4 Medium
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2024-7144 1 Crocoblock 1 Jetelements 2024-09-13 6.4 Medium
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.