{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T07:41:22.992","vulnerabilities":[{"cve":{"id":"CVE-2022-3805","sourceIdentifier":"security@wordfence.com","published":"2022-12-22T21:15:10.650","lastModified":"2026-04-08T19:17:53.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements."},{"lang":"es","value":"El complemento Jeg Elementor Kit para WordPress es vulnerable a la omisión de autorización en varias funciones utilizadas para actualizar la configuración del complemento en versiones hasta la 2.5.6 incluida. Los usuarios no autenticados pueden utilizar un nonce fácilmente disponible, obtenido de las páginas editadas por el complemento, para actualizar la clave API de MailChimp, los estilos globales, la configuración de la página 404 y los elementos habilitados."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.5.7","matchCriteriaId":"7C501FCF-A351-4656-888B-148F0574DDC0"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/jeg-elementor-kit/#developers","source":"security@wordfence.com","tags":["Product","Release Notes","Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013?source=cve","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/jeg-elementor-kit/#developers","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Release Notes","Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}