CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

NVD•added 2024/05/01 1:15 p.m.•13 views

CVE-2024-0334

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00214EPSS

Exploits0References2

WPVulnDB•added 2024/04/29 12:0 a.m.•17 views

Jeg Elementor Kit < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00239EPSS

Exploits0References1Affected Software1

VulnCheck KEV•added 2023/01/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.1AI score0.08483EPSS

Exploits1References1