Vulnerabilities and security researches forjeg-elementor-kit jeg-elementor-kit

Direction: ascending

Jun 07, 2024

Jeg Elementor Kit # CVE-2024-1326

CVE, Research URL: CVE-2024-1326
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Mar 21, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2022-3805

CVE, Research URL: CVE-2022-3805
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Dec 23, 2022
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-0334

CVE, Research URL: CVE-2024-0334
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: May 01, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2022-3794

CVE, Research URL: CVE-2022-3794
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Dec 23, 2022
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-1327

CVE, Research URL: CVE-2024-1327
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Apr 03, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-29101

CVE, Research URL: CVE-2024-29101
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-3819

CVE, Research URL: CVE-2024-3819
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: May 02, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-3161

CVE, Research URL: CVE-2024-3161
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: May 02, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-32721

CVE, Research URL: CVE-2024-32721
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Apr 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-3162

CVE, Research URL: CVE-2024-3162
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Apr 03, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32721 is likely a duplicate of this issue.
Affected versions: Min -, max -.
Status: vulnerable

Jun 17, 2024

Jeg Elementor Kit # CVE-2024-4479

CVE, Research URL: CVE-2024-4479
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Jun 15, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 27, 2024

Jeg Elementor Kit # CVE-2024-6804

CVE, Research URL: CVE-2024-6804
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Aug 27, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

Jeg Elementor Kit # CVE-2024-47390

CVE, Research URL: CVE-2024-47390
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.8.
Affected versions: Min -, max -.
Status: vulnerable

Nov 26, 2024

Jeg Elementor Kit # CVE-2024-10308

CVE, Research URL: CVE-2024-10308
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Nov 26, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jeg Elementor Kit # CVE-2024-8899

CVE, Research URL: CVE-2024-8899
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Nov 26, 2024
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Mar 01, 2025

Jeg Elementor Kit # CVE-2024-13217

CVE, Research URL: CVE-2024-13217
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: Feb 27, 2025
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

May 10, 2025

Jeg Elementor Kit # CVE-2025-2944

CVE, Research URL: CVE-2025-2944
Home page URL: Security reports for Jeg Elementor Kit
Application: Jeg Elementor Kit
Date: May 10, 2025
Research Description: The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable