Description
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
Published: 2025-08-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability consists of inserting sensitive information into sent data, enabling the retrieval of embedded sensitive data that should otherwise be hidden. This defect permits an attacker to read confidential content exposed through the plugin’s interfaces, thereby compromising data confidentiality for affected users.

Affected Systems

The affected systems are WordPress installations running the Crocoblock JetElements For Elementor plugin version 2.7.7 or earlier.

Risk and Exploitability

The CVSS score of 6.5 classifies the flaw as a moderate‑severity data exposure. EPSS is less than 1 %, indicating a low likelihood of exploitation, and it is not catalogued in CISA KEV. The attack vector is inferred to be a legitimate request through the plugin’s front‑end endpoints; an attacker with access to the site can exploit this to exfiltrate concealed data. Overall risk is moderate but the exploitation probability remains low.

Generated by OpenCVE AI on April 30, 2026 at 08:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update JetElements For Elementor to a version higher than 2.7.7.
  • If an update cannot be applied immediately, disable the plugin or block its endpoints to stop the exposed data flow.
  • Apply stricter user‑role restrictions so that only trusted administrators can use the plugin’s sensitive features.

Generated by OpenCVE AI on April 30, 2026 at 08:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25321 Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7.
History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7. Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Crocoblock
Crocoblock jetelements For Elementor
Wordpress
Wordpress wordpress
Vendors & Products Crocoblock
Crocoblock jetelements For Elementor
Wordpress
Wordpress wordpress

Wed, 20 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7.
Title WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Crocoblock Jetelements For Elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:51:55.603Z

Reserved: 2025-07-16T08:51:03.831Z

Link: CVE-2025-53983

cve-icon Vulnrichment

Updated: 2025-08-20T14:33:49.754Z

cve-icon NVD

Status : Deferred

Published: 2025-08-20T08:15:43.770

Modified: 2026-04-29T10:16:49.877

Link: CVE-2025-53983

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T08:45:16Z

Weaknesses