Lucene search

CVE-2022-3794

🗓️ 22 Dec 2022 21:10:15Reported by WordfenceType

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
WPVulnDB	Jeg Elementor Kit < 2.5.7 - Subscriber+ Authorization Bypass	4 Nov 202200:00	–	wpvulndb
NVD	CVE-2022-3794	22 Dec 202221:15	–	nvd
RedhatCVE	CVE-2022-3794	23 May 202500:55	–	redhatcve
Vulnrichment	CVE-2022-3794	22 Dec 202220:27	–	vulnrichment
Prion	Authorization	22 Dec 202221:15	–	prion
Cvelist	CVE-2022-3794	22 Dec 202220:27	–	cvelist

Nvd

Vulners

Node

jegtheme jeg_elementor_kitRange<2.5.7wordpress

[
  {
    "vendor": "jegtheme",
    "product": "Jeg Elementor Kit",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.5.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/jeg-elementor-kit/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be
plugins	www.plugins.trac.wordpress.org/changeset

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Dec 2022 21:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS34.3 - 5.4

EPSS0.00178

SSVC