Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Jegtheme — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting Jegtheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Jegtheme:Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressJeg Elementor KitJNewsEpic ReviewJNews GalleryJNews PaywallJNews - Frontend SubmitJNews - VideoJNews - Pay Writer
CVE IDTitleCVSSSeverityPublished
CVE-2025-68905 WordPress JNews - Pay Writer plugin <= 11.0.0 - Local File Inclusion vulnerability — JNews - Pay WriterCWE-98 8.1AIHighAI2026-01-22
CVE-2025-68906 WordPress JNews - Video plugin <= 11.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — JNews - VideoCWE-79 6.1AIMediumAI2026-01-22
CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — JNews - Frontend SubmitCWE-79 6.1AIMediumAI2026-01-22
CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2026-01-08
CVE-2025-67591 WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability — JNews PaywallCWE-352 4.3 Medium2025-12-09
CVE-2025-67538 WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability — JNews GalleryCWE-79 5.4AIMediumAI2025-12-09
CVE-2025-53573 WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability — Epic ReviewCWE-79 7.1 High2025-11-06
CVE-2025-39373 WordPress JNews theme <= 12.0.5 - Broken Access Control vulnerability — JNewsCWE-862 5.3 Medium2025-05-19
CVE-2025-2944 Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2025-05-10
CVE-2024-13217 Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-359 4.3 Medium2025-02-27
CVE-2024-10308 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-11-26
CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-200 4.3 Medium2024-11-26
CVE-2024-47390 WordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-10-05
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-08-27
CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-06-15
CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-3819 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-0334 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-01
CVE-2024-32721 WordPress Jeg Elementor Kit plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-04-24
CVE-2024-3162 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-87 6.4 Medium2024-04-03
CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-04-03
CVE-2024-29101 WordPress Jeg Elementor Kit plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-03-19
CVE-2024-1326 Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-03-12
CVE-2022-3794 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 5.4 Medium2022-12-22
CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 8.6 High2022-12-22

This page lists every published CVE security advisory associated with Jegtheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.