The vulnerability of the Image Box component in the Jeg Elementor Kit plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.

🗓️ 30 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Image Box flaw in Jeg Elementor Kit enables remote cross-site scripting due to weak page-structure protection.

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress Plugin Jeg Elementor Kit 安全漏洞	3 Apr 202400:00	–	cnnvd
CVE	CVE-2024-1327	3 Apr 202402:32	–	cve
Cvelist	CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box	3 Apr 202402:32	–	cvelist
EUVD	EUVD-2024-17085	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1327	3 Apr 202403:15	–	nvd
Patchstack	WordPress Jeg Elementor Kit Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)	3 Apr 202400:00	–	patchstack
Patchstack	WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box andTestimonial vulnerability	3 Apr 202407:17	–	patchstack
Positive Technologies	PT-2024-3147 · WordPress · Jeg Elementor Kit	7 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1327	23 May 202508:23	–	redhatcve
Vulnrichment	CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box	3 Apr 202402:32	–	vulnrichment

Vulners

Node

wordpress jeg_elementor_kitRange≤2.6.3

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/jeg-elementor-kit/jeg-elementor-kit-263-authenticated-contributor-stored-cross-site-scripting-via-image-box
vuldb	www.vuldb.com/de/
web	www.web.nvd.nist.gov/view/vuln/detail

30 Apr 2024 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 25.5

CVSS 36.4

EPSS0.00139

image box flaw jeg elementor kit wordpress plugin cross site scripting page structure protection