Jegtheme

Jeg Elementor Kit

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2025-14275

  • EPSS 0.04%
  • Veröffentlicht 08.01.2026 02:21:16
  • Zuletzt bearbeitet 08.01.2026 18:08:18

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for au...

6.4

CVE-2025-2944

  • EPSS 0.16%
  • Veröffentlicht 10.05.2025 05:32:16
  • Zuletzt bearbeitet 12.05.2025 17:32:32

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on use...

4.3

CVE-2024-13217

  • EPSS 0.16%
  • Veröffentlicht 27.02.2025 12:15:34
  • Zuletzt bearbeitet 25.03.2025 13:29:59

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Con...

4.3

CVE-2024-8899

  • EPSS 0.16%
  • Veröffentlicht 26.11.2024 11:22:09
  • Zuletzt bearbeitet 09.01.2025 20:28:09

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticat...

5.4

CVE-2024-10308

  • EPSS 0.12%
  • Veröffentlicht 26.11.2024 11:15:16
  • Zuletzt bearbeitet 09.01.2025 20:30:43

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied a...

5.4

CVE-2024-47390

  • EPSS 0.14%
  • Veröffentlicht 05.10.2024 15:15:16
  • Zuletzt bearbeitet 22.01.2025 18:25:14

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.8.

5.4

CVE-2024-6804

  • EPSS 0.4%
  • Veröffentlicht 27.08.2024 07:15:03
  • Zuletzt bearbeitet 12.09.2024 21:31:45

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

5.4

CVE-2024-4479

  • EPSS 0.25%
  • Veröffentlicht 15.06.2024 02:15:51
  • Zuletzt bearbeitet 21.11.2024 09:42:54

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions ...

5.4

CVE-2024-3819

  • EPSS 0.24%
  • Veröffentlicht 02.05.2024 17:15:31
  • Zuletzt bearbeitet 15.01.2025 18:03:05

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attr...

5.4

CVE-2024-3161

  • EPSS 0.22%
  • Veröffentlicht 02.05.2024 17:15:22
  • Zuletzt bearbeitet 15.01.2025 18:09:36

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possib...