PatchSiren

jegtheme CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM jegtheme CVE published 2026-07-10

CVE-2026-13710

The Jeg Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_description' parameter in versions up to, and including, 3.2.6. This is due to insufficient input sanitization and output escaping on the description attribute in the render_body() method of the Image_Box_View class. Authenticated attackers with Contributor-level access and above [truncated]