What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.5.0.
Explanation of Vulnerability in Simple Terms
02Summary
JetBlocks For Elementor versions up to 1.5.0 expose sensitive information that can be read over the network without authentication. An attacker can retrieve this data directly, though the specific nature of the exposed information is not detailed in available metadata. Update to a version newer than 1.5.0 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the plugin without logging in.
Potential impact on your site
04Site Impact
Sensitive data may be exposed to unauthenticated visitors; exact data type unknown from available metadata.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published