CVE-2024-4479 – The Jeg Elementor Kit WordPress plugin has a st... (How to Fix)

📋 TL;DR

The Jeg Elementor Kit WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Contributor access or higher to inject malicious scripts into website pages. These scripts execute whenever users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 2.6.5 are affected.

💻 Affected Systems

Products:

Jeg Elementor Kit WordPress Plugin

Versions: All versions up to and including 2.6.5

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with the vulnerable plugin installed. Attackers need at least Contributor-level access to exploit.

📦 What is this software?

Jeg Elementor Kit by Jegtheme

View all CVEs affecting Jeg Elementor Kit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.

🟠

Likely Case

Attackers inject malicious JavaScript to steal user session cookies or credentials, perform unauthorized actions, or display malicious content to visitors.

🟢

If Mitigated

With proper input validation and output escaping, the vulnerability would be prevented, and only properly sanitized content would be displayed to users.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has Contributor privileges or higher.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.6 or later

Vendor Advisory: https://wordpress.org/plugins/jeg-elementor-kit/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Jeg Elementor Kit'
4. Click 'Update Now' if update is available
5. Alternatively, download version 2.6.6+ from WordPress repository and manually update

🔧 Temporary Workarounds

Disable vulnerable widgets

all

Temporarily disable the JKit - Tabs and JKit - Accordion widgets in Elementor settings

Remove plugin

all

Completely remove the Jeg Elementor Kit plugin if not essential

🧯 If You Can't Patch

Restrict user roles: Only grant Contributor access or higher to trusted users
Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Jeg Elementor Kit version

Check Version:

wp plugin list --name=jeg-elementor-kit --field=version

Verify Fix Applied:

Verify plugin version is 2.6.6 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress admin-ajax.php with sg_general_toggle_tab_enable or sg_accordion_style parameters containing script tags
Multiple failed login attempts followed by successful Contributor-level login

Network Indicators:

Inbound requests with JavaScript payloads in form parameters
Outbound connections to suspicious domains after page loads

SIEM Query:

source="wordpress.log" AND (sg_general_toggle_tab_enable OR sg_accordion_style) AND (script OR javascript OR onload OR onerror)

📊 Metadata

CVE ID: CVE-2024-4479

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: June 15, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4479, you might also want to check these: