Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin
CVE-2024-1327

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Jeg Elementor Kit
Vendor: CVE Published:; 3 April 2024

Summary

The Jeg Elementor Kit plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability that affects all versions up to and including 2.6.3. This vulnerability arises due to inadequate input sanitization and output escaping in the plugin's image box widget. Authenticated users with contributor-level permissions or higher can exploit this flaw to inject arbitrary web scripts into pages, which can be executed when other users access these compromised pages. This can result in various security issues, ranging from unauthorized data access to complete control over affected sites.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/jeg-elementor-...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2024