WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
CVE-2023-39157

9CRITICAL

Key Information:

Vendor: WordPress
Status: JetElements For Elementor
Vendor: CVE Published:; 31 December 2023

What is CVE-2023-39157?

A Code Injection vulnerability exists in the Crocoblock JetElements plugin for Elementor, allowing an attacker to execute arbitrary code due to improper validation within the application. This weakness affects versions from n/a to 2.6.10, posing significant risks to websites using this plugin. If exploited, this vulnerability could enable attackers to gain unauthorized control over affected installations.

Affected Version(s)

JetElements For Elementor <= 2.6.10

References

https://patchstack.com/database/vulnerability/jet-element...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2023
Vulnerability Reserved
Jul 25, 2023

Credit

Rafie Muhammad (Patchstack)