Jetelements
Approved changes feed: RSS · Atom
cpe:2.3:a:crocoblock:jetelements:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Crocoblock (ef7ce6af-89c8-5e74-9d86-961d95db36f9) |
|---|---|
| Product | Jetelements (a99f9792-e0cb-51ab-8604-1f3478f6bfa9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-0371 |
vulnerable | 2026-06-03 14:58:32.149294 |
Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
MEDIUM (6.4)
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-01-21T08:21:51.697Z
Updated: 2026-04-08T17:28:25.374Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7291 |
vulnerable | 2026-06-03 14:58:05.481286 |
JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation
HIGH (7.2)
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
Published: 2024-08-03T06:41:39.862Z
Updated: 2026-04-08T16:35:16.857Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7145 |
vulnerable | 2026-06-03 14:58:05.148216 |
JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion
HIGH (8.8)
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Published: 2024-08-16T13:48:56.036Z
Updated: 2026-04-08T17:02:08.502Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7144 |
vulnerable | 2026-06-03 14:58:05.147666 |
JetElements <= 2.6.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-08-16T13:48:56.685Z
Updated: 2026-04-08T17:21:02.844Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48761 |
vulnerable | 2026-06-03 14:53:19.762088 |
WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability
MEDIUM (6.3)
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published: 2024-06-19T10:20:17.368Z
Updated: 2026-04-28T16:08:54.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48760 |
vulnerable | 2026-06-03 14:53:19.761700 |
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability
HIGH (8.2)
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published: 2024-06-19T10:21:33.025Z
Updated: 2026-04-28T16:08:54.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48759 |
vulnerable | 2026-06-03 14:53:19.761174 |
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability
HIGH (7.5)
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published: 2024-06-19T10:32:09.929Z
Updated: 2026-04-28T16:08:54.995Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39157 |
vulnerable | 2026-06-03 14:52:37.825166 |
WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
CRITICAL (9)
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
Published: 2023-12-31T10:04:01.077Z
Updated: 2026-04-28T16:08:34.487Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.