CVE-2022-3805 : JEG ELEMENTOR KIT PLUGIN UP TO 2.5.6 ON WORDPRESS SETTING AUTHORIZATION

Description

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.

References

https://wordpress.org/plugins/jeg-elementor-kit/#developers

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

Description D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

Description A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker.