CVE-2022-3805 : JEG ELEMENTOR KIT PLUGIN UP TO 2.5.6 ON WORDPRESS SETTING AUTHORIZATION

Description

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.

References

https://wordpress.org/plugins/jeg-elementor-kit/#developers

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013

For More Information

MITRE

Contact us to get started

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

Description Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE)

Learn more

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,

Learn more

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure

Description SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly,

Learn more