{
  "claim": {
    "argus_claim_ref": null,
    "attacker_control": null,
    "claimed_surface": null,
    "expected_impact": null,
    "finding_id": null,
    "id": null,
    "required_entrypoint_detail": null,
    "required_entrypoint_kind": null,
    "submission_reason": "ticket_derived",
    "trigger_class": null,
    "upstream_verdicts": null
  },
  "latest_description": "The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animation_effect setting before it is rendered inside an HTML class attribute. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
  "product": "jetmonsters/jetwidgets-for-elementor",
  "severity": "medium",
  "status": "open",
  "summary": "JetWidgets For Elementor Stored XSS via Animated Box animation_effect",
  "ticket_id": "CVE-2026-11380"
}