Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin for WordPress
CVE-2024-3819
5.4 MEDIUM
Summary
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the JKit - Banner widget. The vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious scripts into web pages, which can be executed when users visit the compromised pages. This poses significant risks, allowing attackers to manipulate website content and potentially compromise user data.
Affected Version(s)
Jeg Elementor Kit * <= 2.6.4
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
wesley