cleantalk
Vulnerabilities and Security Researches

JetWidgets For Elementor, CVE-2023-0034

CVE, Research URL

CVE-2023-0034

Home page URL

Security reports for JetWidgets For Elementor

Application

JetWidgets For Elementor

Published on
Feb 13, 2023
Research Description
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
max 1.0.14.
Status
vulnerable
Previous vulnerability researches
JetWidgets For Elementor (CVE-2024-10323) , Nov 13, 2024
JetWidgets For Elementor (CVE-2025-8195) , Apr 24, 2026
JetWidgets For Elementor (CVE-2021-24268) , Jun 07, 2024
JetWidgets For Elementor (CVE-2024-2507) , Jun 07, 2024
JetWidgets For Elementor (CVE-2023-0086) , Jun 07, 2024
New vulnerability
Events Addon for Elementor (CVE-2025-8150) , Apr 24, 2026
WordPress Infinite Scroll – Ajax Load More (CVE-2025-59582) , Apr 24, 2026
WP Compress – Image Optimizer [All-In-One] (CVE-2025-57899) , Apr 24, 2026
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-7711) , Apr 24, 2026
Popup Anything – Popup for opt-ins and Lead Generation Conversions (CVE-2026-6443) , Apr 24, 2026