Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Jegtheme — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting Jegtheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

jegtheme operates primarily as a developer of WordPress themes and plugins, catering to niche markets such as gaming, streaming, and community platforms. Security audits reveal a concerning pattern of twenty-six recorded Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in their codebase. Historically, these flaws frequently manifest as Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several incidents involve privilege escalation, allowing unauthenticated users to gain administrative access or execute arbitrary commands on affected servers. The high volume of disclosed CVEs suggests a lack of rigorous security testing during the development lifecycle. While specific major breaches linked directly to jegtheme are not widely publicized, the consistent recurrence of critical vulnerabilities poses significant risks to organizations relying on their software for web infrastructure, necessitating immediate updates and strict access controls.

Found 16 results / 26Clear Filters
Top products by Jegtheme: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Jeg Elementor Kit JNews Epic Review JNews Gallery JNews Paywall JNews - Frontend Submit JNews - Video JNews - Pay Writer
CVE IDTitleCVSSSeverityPublished
CVE-2026-6916 Jeg Kit for Elementor <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_content_number_prefix' Shortcode Attribute — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2026-05-02
CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2026-01-08
CVE-2025-2944 Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2025-05-10
CVE-2024-13217 Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-359 4.3 Medium2025-02-27
CVE-2024-10308 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-11-26
CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-200 4.3 Medium2024-11-26
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-08-27
CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-06-15
CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-3819 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-0334 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-01
CVE-2024-3162 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-87 6.4 Medium2024-04-03
CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-04-03
CVE-2024-1326 Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-03-12
CVE-2022-3794 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 5.4 Medium2022-12-22
CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 8.6 High2022-12-22

This page lists every published CVE security advisory associated with Jegtheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.