CVE Details
Basic Information
| Title | CVE-2025-39448 |
|---|---|
| Type | cve |
| Published | 2025-05-19T18:15:29 |
| Last Seen | 2025-05-19T18:18:45 |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | LOW |
AI Analysis
| AI Description | A stored XSS vulnerability in Crocoblock JetElements for Elementor allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions and data theft. This occurs due to improper input neutralization during web page generation. |
|---|---|
| AI Severity | Medium |
| Vendor | WordPress Community |
| Product | Crocoblock JetElements |
| Affected Version | Versions not specified |
Additional Information
| CVE List | CVE-2025-39448 |
|---|---|
| CWE List | CWE-79 |
| Bulletin Family | cve |
Description
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)