High severity (8.6) · NVD Advisory · Published Dec 22, 2022 · Updated Apr 8, 2026
CVE-2022-3805
Description
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
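The pattern the description points to, a nonce treated as the only gate on a settings update, shown next to a handler that also checks the caller's capability. This is an added illustration, not the plugin's own code: the AJAX transport and the action, nonce and option names are assumptions.

```php
<?php
// Hypothetical settings handlers. The action, nonce and option names are
// illustrative and are not taken from the Jeg Elementor Kit source.

// BEFORE: the nonce is the only gate. A nonce printed into front-end pages is
// readable by any visitor, so a valid nonce says nothing about who is calling.
function example_kit_save_settings_weak() {
    check_ajax_referer( 'example_kit_nonce', 'nonce' );
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_kit_mailchimp_key', $key );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_kit_save_weak', 'example_kit_save_settings_weak' );
// Registering the nopriv hook exposes the handler to logged-out requests.
add_action( 'wp_ajax_nopriv_example_kit_save_weak', 'example_kit_save_settings_weak' );

// AFTER: the nonce still covers CSRF, and a capability check decides whether
// the caller may change settings at all. No nopriv hook is registered.
function example_kit_save_settings() {
    if ( ! check_ajax_referer( 'example_kit_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_kit_mailchimp_key', $key );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_kit_save', 'example_kit_save_settings' );
```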
Affected products
- Range: <=2.5.6
References
- plugins.trac.wordpress.org/changeset (NVD: Exploit, Third Party Advisory)
- wordpress.org/plugins/jeg-elementor-kit/ (NVD: Product, Release Notes, Third Party Advisory)
- www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013 (NVD: Third Party Advisory)