Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

jegtheme — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting jegtheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

jegtheme operates primarily as a developer of WordPress themes and plugins, catering to niche markets such as gaming, streaming, and community platforms. Security audits reveal a concerning pattern of twenty-six recorded Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in their codebase. Historically, these flaws frequently manifest as Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several incidents involve privilege escalation, allowing unauthenticated users to gain administrative access or execute arbitrary commands on affected servers. The high volume of disclosed CVEs suggests a lack of rigorous security testing during the development lifecycle. While specific major breaches linked directly to jegtheme are not widely publicized, the consistent recurrence of critical vulnerabilities poses significant risks to organizations relying on their software for web infrastructure, necessitating immediate updates and strict access controls.

Top products by jegtheme: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Jeg Elementor Kit JNews Epic Review JNews Gallery JNews Paywall JNews - Frontend Submit JNews - Video JNews - Pay Writer
CVE IDTitleCVSSSeverityPublished
CVE-2026-6916 Jeg Kit for Elementor <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_content_number_prefix' Shortcode Attribute — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2026-05-02
CVE-2025-68905 WordPress JNews - Pay Writer plugin <= 11.0.0 - Local File Inclusion vulnerability — JNews - Pay WriterCWE-98 7.5 High2026-01-22
CVE-2025-68906 WordPress JNews - Video plugin <= 11.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — JNews - VideoCWE-79 7.1 High2026-01-22
CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — JNews - Frontend SubmitCWE-79 7.1 High2026-01-22
CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2026-01-08
CVE-2025-67591 WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability — JNews PaywallCWE-352 4.3 Medium2025-12-09
CVE-2025-67538 WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability — JNews GalleryCWE-79 6.5 Medium2025-12-09
CVE-2025-53573 WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability — Epic ReviewCWE-79 7.1 High2025-11-06
CVE-2025-39373 WordPress JNews Theme <= 11.6.16 - Broken Access Control Vulnerability — JNewsCWE-862 5.3 Medium2025-05-19
CVE-2025-2944 Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2025-05-10
CVE-2024-13217 Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-359 4.3 Medium2025-02-27
CVE-2024-10308 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-11-26
CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-200 4.3 Medium2024-11-26
CVE-2024-47390 WordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-10-05
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-08-27
CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-06-15
CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-3819 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-02
CVE-2024-0334 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-05-01
CVE-2024-32721 WordPress Jeg Elementor Kit plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-04-24
CVE-2024-3162 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-87 6.4 Medium2024-04-03
CVE-2024-1327 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-04-03
CVE-2024-29101 WordPress Jeg Elementor Kit plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability — Jeg Elementor KitCWE-79 6.5 Medium2024-03-19
CVE-2024-1326 Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-79 6.4 Medium2024-03-12
CVE-2022-3794 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 5.4 Medium2022-12-22
CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPressCWE-639 8.6 High2022-12-22

This page lists every published CVE security advisory associated with jegtheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.