PT-2022-24175 · WordPress · Jeg Elementor Kit

Ram +1 · Published 2022-12-22 · Updated 2025-09-24 · CVE-2022-3805

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.5.6

Description

The issue allows unauthenticated users to bypass authorization and update plugin settings, including the MailChimp API key, global styles, 404 page settings, and enabled elements. This is possible due to an easily available nonce that can be obtained from pages edited by the plugin.

Recommendations

For versions up to, and including, 2.5.6, update to a version later than 2.5.6 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings pages to prevent unauthorized updates until a patch is available.

Exploit · Fix · IDOR

Weakness Enumeration

Related Identifiers: CVE-2022-3805

Affected Products: Jeg Elementor Kit