143 matches found
Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability
Authenticated Contributor+ Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions <= 2.6.4...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions <= 2.6.4...
WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Testimonial vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions <= 2.6.3...
CVE-2025-14275
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-14275
CVE-2025-14275 affects Jeg Elementor Kit (WordPress) up to version 3.0.1 via Stored XSS in the countdown widget redirects. Authenticated attackers with Contributor+ can inject JavaScript that runs when an admin/user views the page containing the malicious countdown. CVSS 3.1 base score 6.4 (Netwo...
PT-2026-1733
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit versions up to and including 3.0.1. Description: The Jeg Elementor Kit plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization within the countdown widget’s redirect functionality...
WordPress plugin Jeg Elementor Kit cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Jeg Elementor Kit plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions <= 3.0.1...
WordPress Jeg Elementor Kit plugin < 2.7.0 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Tony in WordPress Plugin Jeg Elementor Kit versions < 2.7.0...
CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability...
EUVD-2024-32390
Malicious code in bioql PyPI...
EUVD-2024-26140
Malicious code in bioql PyPI...
EUVD-2024-42426
Malicious code in bioql PyPI...
EUVD-2024-17085
Malicious code in bioql PyPI...
EUVD-2024-44093
Malicious code in bioql PyPI...
EUVD-2024-30508
Malicious code in bioql PyPI...