Conversation
supportHi Jegtheme team, Patchstack is showing an unpatched authenticated Contributor+ stored XSS in Jeg Kit affecting versions up to 3.1.0. Current WP.org release is still 3.0.3, so all my client sites running this plugin are flagged daily by ManageWP scans. Two questions: When can we expect the patched version on WP.org? Have you considered claiming the plugin in Patchstack’s free VDP program ( https://patchstack.com/database/vdp/jeg-elementor-kit )? It would give you a direct security pipeline and resolve the ‘No VDP’ flag that’s currently triggering noisy alerts across your install base. Happy to test pre-release builds on staging if useful. Thanks, Ben Clark
Hello Ben, We sincerely apologize for the delay in our response and for the inconvenience and concern you have experienced. We have resolved the issue, and the latest version of the Jeg Kit plugin is now version 3.1.2, which has already been released on WordPress.org. You can update the Jeg Kit plugin to the latest version to resolve this issue. If you do not receive an update notification, you may manually update the plugin by downloading the latest version from WordPress.org and reinstalling it manually. We hope this helps. Thank You Best Regards, Fauzan Edris
@fauzanjegstudio Good advice to update, but I see that now I can only update the plugin if I buy a paid version… Here is what I see: “There is a new version of Jeg Kit for Elementor available. Buy a license now to access version 3.1.3 security & feature updates, and support.” not nice…
Hello @vertigoxxl , We sincerely apologize for the inconvenience you have experienced. For now, you may try updating the Jeg Kit plugin to the latest version by downloading the newest installation file from WordPress.org and then installing or updating it manually using the downloaded file. We hope this helps. Thank You
Hello Ben, We sincerely apologize for the delay in our response and for the inconvenience and concern you have experienced. We have resolved the issue, and the latest version of the Jeg Kit plugin is now version 3.1.2, which has already been released on WordPress.org. You can update the Jeg Kit plugin to the latest version to resolve this issue. If you do not receive an update notification, you may manually update the plugin by downloading the latest version from WordPress.org and reinstalling it manually. We hope this helps. Thank You Best Regards, Fauzan Edris
@fauzanjegstudio Good advice to update, but I see that now I can only update the plugin if I buy a paid version… Here is what I see: “There is a new version of Jeg Kit for Elementor available. Buy a license now to access version 3.1.3 security & feature updates, and support.” not nice…
Hello @vertigoxxl , We sincerely apologize for the inconvenience you have experienced. For now, you may try updating the Jeg Kit plugin to the latest version by downloading the newest installation file from WordPress.org and then installing or updating it manually using the downloaded file. We hope this helps. Thank You