MEDIUM
jegtheme
CVE published 2026-07-10
CVE-2026-13710
The Jeg Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_description' parameter in versions up to, and including, 3.2.6. This is due to insufficient input sanitization and output escaping on the description attribute in the render_body() method of the Image_Box_View class. Authenticated attackers with Contributor-level access and above [truncated]