Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities found for JetElements For Elementor by Crocoblock
CVE-2026-24958 (GCVE-0-2026-24958)
Vulnerability from cvelistv5 – Published: 2026-02-03 14:08 – Updated: 2026-04-28 16:14
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.12.2
(custom)
|
Date Public
2026-04-01 16:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T18:25:44.511306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:51:26.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.12.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bonds | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:04:57.458Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.2."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:51.923Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24958",
"datePublished": "2026-02-03T14:08:34.584Z",
"dateReserved": "2026-01-28T09:50:35.464Z",
"dateUpdated": "2026-04-28T16:14:51.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64355 (GCVE-0-2025-64355)
Vulnerability from cvelistv5 – Published: 2025-12-18 16:16 – Updated: 2026-04-28 16:14
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.12
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T16:47:54.409648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T16:48:36.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.12.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bonds | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:36.109Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:14.266Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.12 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64355",
"datePublished": "2025-12-18T16:16:33.764Z",
"dateReserved": "2025-10-31T11:23:06.889Z",
"dateUpdated": "2026-04-28T16:14:14.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49939 (GCVE-0-2025-49939)
Vulnerability from cvelistv5 – Published: 2025-10-22 14:32 – Updated: 2026-04-28 20:26
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.8
(custom)
|
Date Public
2026-04-01 15:59
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:46:23.472285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T20:26:11.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.8.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T15:59:07.816Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:08.730Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.8 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49939",
"datePublished": "2025-10-22T14:32:17.061Z",
"dateReserved": "2025-06-11T16:07:15.642Z",
"dateUpdated": "2026-04-28T20:26:11.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53983 (GCVE-0-2025-53983)
Vulnerability from cvelistv5 – Published: 2025-08-20 08:03 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.7
(custom)
|
Date Public
2026-04-01 16:41
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:33:45.462160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T14:33:53.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:41:58.355Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.603Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor \u003c= 2.7.7 - Sensitive Data Exposure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53983",
"datePublished": "2025-08-20T08:03:09.330Z",
"dateReserved": "2025-07-16T08:51:03.831Z",
"dateUpdated": "2026-04-29T09:51:55.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55714 (GCVE-0-2025-55714)
Vulnerability from cvelistv5 – Published: 2025-08-14 18:21 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.9.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.9
(custom)
|
Date Public
2026-04-01 16:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T19:36:52.786253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:36:58.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.9.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:42:27.835Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.9.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.9."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:37.418Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.7.9 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-55714",
"datePublished": "2025-08-14T18:21:24.869Z",
"dateReserved": "2025-08-14T09:10:30.443Z",
"dateUpdated": "2026-04-28T16:13:37.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53982 (GCVE-0-2025-53982)
Vulnerability from cvelistv5 – Published: 2025-07-16 10:36 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.7
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T13:29:40.761923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:44.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:15.445Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:27.132Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.7 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53982",
"datePublished": "2025-07-16T10:36:10.369Z",
"dateReserved": "2025-07-16T08:51:03.830Z",
"dateUpdated": "2026-04-28T16:13:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39447 (GCVE-0-2025-39447)
Vulnerability from cvelistv5 – Published: 2025-05-19 18:51 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.4.1
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T21:14:18.472511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T21:22:35.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:16.266Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.028Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-4-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.4.1 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39447",
"datePublished": "2025-05-19T18:51:31.986Z",
"dateReserved": "2025-04-16T06:23:22.137Z",
"dateUpdated": "2026-04-29T09:51:55.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39448 (GCVE-0-2025-39448)
Vulnerability from cvelistv5 – Published: 2025-05-19 17:33 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.4.1
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:11:11.389314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:11:18.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:17.028Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:31.890Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39448",
"datePublished": "2025-05-19T17:33:17.762Z",
"dateReserved": "2025-04-16T06:23:29.554Z",
"dateUpdated": "2026-04-28T16:12:31.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48759 (GCVE-0-2023-48759)
Vulnerability from cvelistv5 – Published: 2024-06-19 10:32 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
|
| crocoblock | jetelements_for_elementor |
Affected:
0 , ≤ 2.6.13
(custom)
cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "jetelements_for_elementor",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T18:34:59.467308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:36:35.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-arbitrary-attachment-download-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.995Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-arbitrary-attachment-download-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48759",
"datePublished": "2024-06-19T10:32:09.929Z",
"dateReserved": "2023-11-18T22:10:24.152Z",
"dateUpdated": "2026-04-28T16:08:54.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48760 (GCVE-0-2023-48760)
Vulnerability from cvelistv5 – Published: 2024-06-19 10:21 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
|
| crocoblock | jetelements_for_elementor |
Affected:
0 , ≤ 2.6.13
(custom)
cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jetelements_for_elementor",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:52:54.508039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T18:22:55.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.933Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Unauthenticated Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48760",
"datePublished": "2024-06-19T10:21:33.025Z",
"dateReserved": "2023-11-18T22:10:24.152Z",
"dateUpdated": "2026-04-28T16:08:54.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48761 (GCVE-0-2023-48761)
Vulnerability from cvelistv5 – Published: 2024-06-19 10:20 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:03:35.930279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:03:44.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.940Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48761",
"datePublished": "2024-06-19T10:20:17.368Z",
"dateReserved": "2023-11-18T22:10:24.153Z",
"dateUpdated": "2026-04-28T16:08:54.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39157 (GCVE-0-2023-39157)
Vulnerability from cvelistv5 – Published: 2023-12-31 10:04 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
Severity
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.10.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:34.487Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.6.10 is vulnerable to Remote Code Execution (RCE)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-39157",
"datePublished": "2023-12-31T10:04:01.077Z",
"dateReserved": "2023-07-25T13:50:41.999Z",
"dateUpdated": "2026-04-28T16:08:34.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48762 (GCVE-0-2023-48762)
Vulnerability from cvelistv5 – Published: 2023-12-18 16:16 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T20:04:37.454138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T20:43:26.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.962Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.6.13.1 or a higher version."
}
],
"value": "Update to\u00a02.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48762",
"datePublished": "2023-12-18T16:16:41.450Z",
"dateReserved": "2023-11-18T22:10:24.153Z",
"dateUpdated": "2026-04-28T16:08:54.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24958 (GCVE-0-2026-24958)
Vulnerability from nvd – Published: 2026-02-03 14:08 – Updated: 2026-04-28 16:14
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.12.2
(custom)
|
Date Public
2026-04-01 16:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T18:25:44.511306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:51:26.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.12.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bonds | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:04:57.458Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.2."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:51.923Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24958",
"datePublished": "2026-02-03T14:08:34.584Z",
"dateReserved": "2026-01-28T09:50:35.464Z",
"dateUpdated": "2026-04-28T16:14:51.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64355 (GCVE-0-2025-64355)
Vulnerability from nvd – Published: 2025-12-18 16:16 – Updated: 2026-04-28 16:14
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.12
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T16:47:54.409648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T16:48:36.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.12.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bonds | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:36.109Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.12."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:14.266Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.12 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64355",
"datePublished": "2025-12-18T16:16:33.764Z",
"dateReserved": "2025-10-31T11:23:06.889Z",
"dateUpdated": "2026-04-28T16:14:14.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49939 (GCVE-0-2025-49939)
Vulnerability from nvd – Published: 2025-10-22 14:32 – Updated: 2026-04-28 20:26
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.8
(custom)
|
Date Public
2026-04-01 15:59
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:46:23.472285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T20:26:11.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.8.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T15:59:07.816Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:08.730Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.8 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49939",
"datePublished": "2025-10-22T14:32:17.061Z",
"dateReserved": "2025-06-11T16:07:15.642Z",
"dateUpdated": "2026-04-28T20:26:11.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53983 (GCVE-0-2025-53983)
Vulnerability from nvd – Published: 2025-08-20 08:03 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.7
(custom)
|
Date Public
2026-04-01 16:41
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:33:45.462160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T14:33:53.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:41:58.355Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.603Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor \u003c= 2.7.7 - Sensitive Data Exposure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53983",
"datePublished": "2025-08-20T08:03:09.330Z",
"dateReserved": "2025-07-16T08:51:03.831Z",
"dateUpdated": "2026-04-29T09:51:55.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55714 (GCVE-0-2025-55714)
Vulnerability from nvd – Published: 2025-08-14 18:21 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.9.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.9
(custom)
|
Date Public
2026-04-01 16:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T19:36:52.786253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:36:58.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.9.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:42:27.835Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.9.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.9."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:37.418Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.7.9 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-55714",
"datePublished": "2025-08-14T18:21:24.869Z",
"dateReserved": "2025-08-14T09:10:30.443Z",
"dateUpdated": "2026-04-28T16:13:37.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53982 (GCVE-0-2025-53982)
Vulnerability from nvd – Published: 2025-07-16 10:36 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.7
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T13:29:40.761923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:44.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:15.445Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.7."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:27.132Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.7 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53982",
"datePublished": "2025-07-16T10:36:10.369Z",
"dateReserved": "2025-07-16T08:51:03.830Z",
"dateUpdated": "2026-04-28T16:13:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39447 (GCVE-0-2025-39447)
Vulnerability from nvd – Published: 2025-05-19 18:51 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.4.1
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T21:14:18.472511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T21:22:35.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:16.266Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.028Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-2-7-4-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.4.1 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39447",
"datePublished": "2025-05-19T18:51:31.986Z",
"dateReserved": "2025-04-16T06:23:22.137Z",
"dateUpdated": "2026-04-29T09:51:55.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39448 (GCVE-0-2025-39448)
Vulnerability from nvd – Published: 2025-05-19 17:33 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
0 , ≤ 2.7.4.1
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:11:11.389314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:11:18.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crocoblock.com",
"defaultStatus": "unaffected",
"packageName": "jet-elements",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:17.028Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through \u003c= 2.7.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:31.890Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress JetElements For Elementor plugin \u003c= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39448",
"datePublished": "2025-05-19T17:33:17.762Z",
"dateReserved": "2025-04-16T06:23:29.554Z",
"dateUpdated": "2026-04-28T16:12:31.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48759 (GCVE-0-2023-48759)
Vulnerability from nvd – Published: 2024-06-19 10:32 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
|
| crocoblock | jetelements_for_elementor |
Affected:
0 , ≤ 2.6.13
(custom)
cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "jetelements_for_elementor",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T18:34:59.467308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:36:35.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-arbitrary-attachment-download-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.995Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-arbitrary-attachment-download-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48759",
"datePublished": "2024-06-19T10:32:09.929Z",
"dateReserved": "2023-11-18T22:10:24.152Z",
"dateUpdated": "2026-04-28T16:08:54.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48760 (GCVE-0-2023-48760)
Vulnerability from nvd – Published: 2024-06-19 10:21 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
|
| crocoblock | jetelements_for_elementor |
Affected:
0 , ≤ 2.6.13
(custom)
cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jetelements_for_elementor",
"vendor": "crocoblock",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:52:54.508039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T18:22:55.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.933Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Unauthenticated Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48760",
"datePublished": "2024-06-19T10:21:33.025Z",
"dateReserved": "2023-11-18T22:10:24.152Z",
"dateUpdated": "2026-04-28T16:08:54.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48761 (GCVE-0-2023-48761)
Vulnerability from nvd – Published: 2024-06-19 10:20 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:03:35.930279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:03:44.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.940Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.13.1 or a higher version."
}
],
"value": "Update to 2.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor plugin \u003c= 2.6.13 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48761",
"datePublished": "2024-06-19T10:20:17.368Z",
"dateReserved": "2023-11-18T22:10:24.153Z",
"dateUpdated": "2026-04-28T16:08:54.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39157 (GCVE-0-2023-39157)
Vulnerability from nvd – Published: 2023-12-31 10:04 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
Severity
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.10.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:34.487Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.6.10 is vulnerable to Remote Code Execution (RCE)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-39157",
"datePublished": "2023-12-31T10:04:01.077Z",
"dateReserved": "2023-07-25T13:50:41.999Z",
"dateUpdated": "2026-04-28T16:08:34.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48762 (GCVE-0-2023-48762)
Vulnerability from nvd – Published: 2023-12-18 16:16 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T20:04:37.454138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T20:43:26.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.13.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:54.962Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.6.13.1 or a higher version."
}
],
"value": "Update to\u00a02.6.13.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-48762",
"datePublished": "2023-12-18T16:16:41.450Z",
"dateReserved": "2023-11-18T22:10:24.153Z",
"dateUpdated": "2026-04-28T16:08:54.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}