CVE-2022-3794 – Jeg Elementor Kit <= 2.5.6 - Authorization Bypass

https://notcve.org/view.php?id=CVE-2022-3794

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose. El complemento Jeg Elementor Kit para WordPress es vulnerable a la omisión de autorización en varias acciones AJAX en versiones hasta la 2.5.6 incluida. Los usuarios autenticados pueden utilizar un valor nonce fácilmente disponible para crear plantillas de encabezado y realizar cambios adicionales en el sitio, ya que el complemento no utiliza comprobaciones de capacidad para este propósito. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2811758%40jeg-elementor-kit%2Ftrunk&old=2810568%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail= https://wordpress.org/plugins/jeg-elementor-kit/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be • CWE-639: Authorization Bypass Through User-Controlled Key •