Stored Cross-Site Scripting Vulnerability in JetWidgets for Elementor Plugin by WordPress
CVE-2026-11380
6.4MEDIUM
What is CVE-2026-11380?
The JetWidgets for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities in versions up to 1.0.21. This security flaw arises from inadequate output escaping and a lack of server-side validation for the animation_effect setting in the Animated Box widget. Authenticated users with author-level access or higher can exploit this vulnerability to inject arbitrary web scripts into rendered pages, leading to potential exploitation whenever users access these compromised pages.
Affected Version(s)
JetWidgets For Elementor 0 <= 1.0.21