Cross-Site Scripting Vulnerability in JetBlocks for Elementor by NotFound
CVE-2025-30987
6.5MEDIUM
What is CVE-2025-30987?
A significant Cross-Site Scripting (XSS) vulnerability exists in the JetBlocks for Elementor plugin developed by NotFound. This flaw allows attackers to exploit improper neutralization of input during web page generation, resulting in the potential for stored XSS attacks. Affected versions range from n/a to 1.3.16, rendering sites utilizing this plugin susceptible to malicious script injections that could compromise user data and session integrity.
Affected Version(s)
JetBlocks For Elementor 0 <= 1.3.16