2 matches found
CVE-2022-3794 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not...
CVE-2022-3794
Summary: CVE-2022-3794 affects the WordPress plugin Jeg Elementor Kit up to version 2.5.6. The issue is an authorization bypass in various AJAX actions where an authenticated user can exploit an easily available nonce value due to missing capability checks. What is affected: Jeg Elementor Kit plu...