What is the severity of CVE-2022-3794?

The severity of CVE-2022-3794 is considered medium due to the potential for unauthorized changes to the site.

How do I fix CVE-2022-3794?

To fix CVE-2022-3794, update the Jeg Elementor Kit plugin to version 2.5.7 or later.

Who is affected by CVE-2022-3794?

Users of the Jeg Elementor Kit plugin for WordPress in versions up to 2.5.6 are affected by CVE-2022-3794.

What type of vulnerability is CVE-2022-3794?

CVE-2022-3794 is an authorization bypass vulnerability that affects AJAX actions in the Jeg Elementor Kit plugin.

Can CVE-2022-3794 be exploited by unauthenticated users?

No, CVE-2022-3794 can only be exploited by authenticated users.

Vulnerability/
CVE-2022-3794

medium

5.4

CWE

639

22/12/2022

15/1/2025

CVE-2022-3794

First published: Thu Dec 22 2022(Updated: )

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
Jeg Elementor Kit	<2.5.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-3794?
The severity of CVE-2022-3794 is considered medium due to the potential for unauthorized changes to the site.
How do I fix CVE-2022-3794?
To fix CVE-2022-3794, update the Jeg Elementor Kit plugin to version 2.5.7 or later.
Who is affected by CVE-2022-3794?
Users of the Jeg Elementor Kit plugin for WordPress in versions up to 2.5.6 are affected by CVE-2022-3794.
What type of vulnerability is CVE-2022-3794?
CVE-2022-3794 is an authorization bypass vulnerability that affects AJAX actions in the Jeg Elementor Kit plugin.
Can CVE-2022-3794 be exploited by unauthenticated users?
No, CVE-2022-3794 can only be exploited by authenticated users.

agent/type
agent/softwarecombine
agent/references
agent/author
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/jegtheme
canonical/jeg elementor kit

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.