
exploitDog


CVE-2022-3794

Published: 22 Dec 2022
Source: nvd
CVSS3: 5.4
CVSS3: 4.3
EPSS: Low

Description

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.

Vulnerable configurations

Configuration 1
cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*
Versions before 2.5.7 (exclusive)

EPSS

Percentile: 39%
0.00175
Low

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Defects

Related vulnerabilities

CVSS3: 4.3
github
about 3 years ago

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
