CVE-2022-3794

CVSS V2 None CVSS V3 None
Description
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
Overview
  • CVE ID
  • CVE-2022-3794
  • Assigner
  • security@wordfence.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-22T21:15:10
  • Last Modified Date
  • 2022-12-30T21:13:15
Weakness Enumerations
CWE URL
CWE-639 http://cwe.mitre.org/data/definitions/639.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:* 1 OR 2.5.7
References
Reference URL Reference Tags
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=
https://wordpress.org/plugins/jeg-elementor-kit/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3794
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3794
History
Created Old Value New Value Data Type Notes
2022-12-22 22:15:39 Added to TrackCVE
2022-12-22 22:15:40 Weakness Enumeration new
2022-12-27 19:14:51 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-30 21:14:22 2022-12-30T21:13:15 CVE Modified Date updated
2022-12-30 21:14:22 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-30 21:14:24 CPE Information updated