WordPress Plugin Vulnerabilities

Jeg Elementor Kit < 2.6.12 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas

Description

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.

Affects Plugins

Plugin icon
jeg-elementor-kit
Fixed in 2.6.12

References

CVE
CVE-2024-13217
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2136cad8-6b0b-4458-a357-6e98f1ac3e0b

Miscellaneous

Original Researcher
Ankit Patel
Verified
No
WPVDB ID
2461a3f3-f31c-456a-b491-8db88b25a8f7

Timeline

Publicly Published
2025-02-26 (about 1 year ago)
Added
2025-02-27 (about 1 year ago)
Last Updated
2025-02-27 (about 1 year ago)

Other

Published
Title
Published
2016-09-20
Title
WP Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference
Published
2025-02-14
Title
Bit Assist < 1.5.3 - Subscriber+ Arbitrary File Read via fileID Parameter
Published
2014-08-01
Title
Firestats - Remote Configuration File Download
Published
2017-01-11
Title
WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Published
2018-04-03
Title
WordPress 3.7-4.9.4 - Remove localhost Default