Crocoblock: Security Vulnerabilities
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.10.
CVSS Score
9.0
EPSS Score
0.003
Published
2023-12-31
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-28
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.065
Published
2023-04-10
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-02-13
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This can be used to enable SVG uploads that could make Cross-Site Scripting possible.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-01-05
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-12-15
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-16
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05

