3 matches found
WordPress Jeg Elementor Kit Plugin < 2.5.7 is vulnerable to Broken Access Control
Software Jeg Elementor Kit Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-3805 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID cb8e3a1233cd Credits Ramuel Gall Required privile...
CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
CVE-2022-3805
Summary: CVE-2022-3805 affects the Jeg Elementor Kit plugin for WordPress (versions up to and including 2.5.6). The vulnerability is an authorization bypass in functions that update plugin settings, allowing unauthenticated users to update the MailChimp API key, global styles, 404 page settings, ...