CVE-2024-10308 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-10308

CVE-2024-10308 — Jeg Elementor Kit (WordPress)

CVE-2024-4479

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input...

CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input...

CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input...

PT-2024-31250 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the sg general toggle tab enable and sg...

CVE-2024-3819

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

Jeg Elementor Kit < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...