CVE-2022-3805

CVSS V2 None CVSS V3 None
Description
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
Overview
  • CVE ID
  • CVE-2022-3805
  • Assigner
  • security@wordfence.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-22T21:15:10
  • Last Modified Date
  • 2022-12-30T21:07:25
Weakness Enumerations
CWE URL
CWE-639 http://cwe.mitre.org/data/definitions/639.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:* 1 OR 2.5.7
References
Reference URL Reference Tags
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=
https://wordpress.org/plugins/jeg-elementor-kit/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3805
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3805
History
Created Old Value New Value Data Type Notes
2022-12-22 22:15:39 Added to TrackCVE
2022-12-22 22:15:40 Weakness Enumeration new
2022-12-27 19:14:52 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-30 21:14:22 2022-12-30T21:07:25 CVE Modified Date updated
2022-12-30 21:14:22 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-30 21:14:24 CPE Information updated