Cross-Site Scripting Vulnerability in JetBlocks for Elementor by NotFound
CVE-2025-30987

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
31 March 2025

What is CVE-2025-30987?

A significant Cross-Site Scripting (XSS) vulnerability exists in the JetBlocks for Elementor plugin developed by NotFound. This flaw allows attackers to exploit improper neutralization of input during web page generation, resulting in the potential for stored XSS attacks. Affected versions range from n/a to 1.3.16, rendering sites utilizing this plugin susceptible to malicious script injections that could compromise user data and session integrity.

Affected Version(s)

JetBlocks For Elementor 0 <= 1.3.16

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

stealthcopter (Patchstack Alliance)
.