cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10323,https://securityvulnerability.io/vulnerability/CVE-2024-10323,Stored Cross-Site Scripting (XSS) Vulnerability in JetWidgets For Elementor Plugin,"The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Jetwidgets For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-12T06:48:15.375Z,0
CVE-2024-4626,https://securityvulnerability.io/vulnerability/CVE-2024-4626,Stored Cross-Site Scripting Vulnerability in JetWidgets For Elementor Plugin,"The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Jetwidgets For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-20T02:08:21.467Z,0
CVE-2024-2138,https://securityvulnerability.io/vulnerability/CVE-2024-2138,Stored Cross-Site Scripting Vulnerability in JetWidgets For Elementor Plugin,"The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Jetwidgets For Elementor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:35.274Z,0
CVE-2024-2507,https://securityvulnerability.io/vulnerability/CVE-2024-2507,Stored Cross-Site Scripting in JetWidgets For Elementor Plugin by WordPress,"The JetWidgets For Elementor plugin in WordPress is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping in the widget button URL, affecting all versions up to and including 1.0.16. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages. Such scripts are executed whenever an affected page is accessed, potentially compromising user data and site integrity.",Wordpress,Jetwidgets For Elementor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:10.415Z,0
CVE-2023-0034,https://securityvulnerability.io/vulnerability/CVE-2023-0034,JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode,"The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Jetwidgets For Elementor,5.4,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2023-02-13T15:15:00.000Z,0
CVE-2023-0086,https://securityvulnerability.io/vulnerability/CVE-2023-0086,Cross-Site Request Forgery in JetWidgets for Elementor Plugin by WordPress,"The JetWidgets for Elementor plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability due to a lack of nonce validation in its save() function, affecting versions up to and including 1.0.12. This security flaw could allow unauthenticated attackers to trick site administrators into performing unwarranted actions, such as changing plugin settings or enabling potentially harmful features like SVG uploads. If exploited, this could lead to further vulnerabilities, including Cross-Site Scripting attacks.",Wordpress,Jetwidgets For Elementor,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-01-05T17:15:00.000Z,0
CVE-2021-24268,https://securityvulnerability.io/vulnerability/CVE-2021-24268,JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS,"The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.",Wordpress,Jetwidgets For Elementor,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-05-05T18:28:47.000Z,0