WordPress Plugin Vulnerabilities

JetWidgets for Elementor < 1.0.13 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
jetwidgets-for-elementor
Fixed in 1.0.13

References

CVE
CVE-2023-0086

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Chloe Chamberland
Verified
Yes
WPVDB ID
7eeeb644-7902-410e-955d-fcbb8d0fbd37

Timeline

Publicly Published
2023-01-04 (about 3 years ago)
Added
2023-01-05 (about 3 years ago)
Last Updated
2023-03-06 (about 3 years ago)

Other

Published
Title
Published
2020-09-16
Title
Cool Timeline < 2.0.3 - Cross-Site Request Forgery
Published
2024-09-16
Title
PropertyHive < 2.0.20 - Cross-Site Request Forgery via save_account_details
Published
2023-02-28
Title
HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF
Published
2025-11-03
Title
Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2020-08-03
Title
Ajax Search Pro < 4.19 - Stored XSS via CSRF