Lucene search
K

143 matches found

Nuclei
Nuclei
added 13 hours ago20 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.1AI score0.01594EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/03 3:7 p.m.6 views

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability

Authenticated Contributor+ Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

6.4CVSS5.3AI score0.00402EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 1:10 p.m.5 views

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

6.4CVSS5.3AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 1:9 p.m.7 views

WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonial vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions = 2.6.3...

6.4CVSS5.3AI score0.00323EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14275

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.1AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 2:21 a.m.2 views

CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS4.8AI score0.00192EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/08 2:21 a.m.29 views

CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00192EPSS
Exploits0References3
CVE
CVE
added 2026/01/08 2:21 a.m.18 views

CVE-2025-14275

CVE-2025-14275 affects Jeg Elementor Kit (WordPress) up to version 3.0.1 via Stored XSS in the countdown widget redirects. Authenticated attackers with Contributor+ can inject JavaScript that runs when an admin/user views the page containing the malicious countdown. CVSS 3.1 base score 6.4 (Netwo...

6.4CVSS4.8AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.5 views

PT-2026-1733

Name of the Vulnerable Software and Affected Versions Jeg Elementor Kit versions up to and including 3.0.1 Description The Jeg Elementor Kit plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization within the countdown widget’s redirect functionality...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

WordPress plugin Jeg Elementor Kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.6AI score0.00192EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/07 3:18 p.m.7 views

WordPress Jeg Elementor Kit plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 3.0.1...

6.4CVSS5.7AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/10/24 10:35 p.m.3 views

WordPress Jeg Elementor Kit plugin < 2.7.0 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Tony in WordPress Plugin Jeg Elementor Kit versions 2.7.0...

6.8CVSS6AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/24 6:0 a.m.11 views

CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability...

0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/24 6:0 a.m.6 views

CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability...

5.8AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32390

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00531EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26140

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42426

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-17085

Malicious code in bioql PyPI...

6.4CVSS8.8AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44093

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00401EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-30508

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder