• Call Us: (540) 566-8737
    • Account Login (AMP)
    Menu
    Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

    Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

    Tweet
    Share
    Share
    Pin
    0 Shares

    EntreBase Advisory: The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    Read more about this vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/id/ded2f366-375c-4cf6-9cbd-c969a3b3d6d5?source=api-prod

    About the Contributor
    Trust & Safety
    The Trust & Safety team ensures the EntreBase platform remains compliant, safe, and user-friendly. Focused on risk management and user protection, they work to uphold trust and provide a seamless experience.