CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7781 – Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
https://notcve.org/view.php?id=CVE-2024-7781
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php https://plugins.trac.wordpress.org/changeset/3153667 https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7772 – Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7772
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php https://plugins.trac.wordpress.org/changeset/3139412 https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38389 – WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-38389
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8. La vulnerabilidad de autorización incorrecta en Artbees JupiterX Core permite acceder a una funcionalidad que no está correctamente restringida por las ACL. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.8. The JupiterX Core plugin for WordPress is vulnerable to privilege escalation due to insufficient validation in versions up to, and including, 3.3.8 due to insufficient controls on the facebook_log_user_in() function. This makes it possible for unauthenticated attackers to stage a site takeover. • https://github.com/codeb0ss/CVE-2023-38389-PoC https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3813 – Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2023-3813
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. El plugin Jupiter X Core para WordPress es vulnerable a la descarga de archivos arbitrarios en versiones hasta la 2.5.0 inclusive. Esto hace posible que atacantes no autenticados descarguen el contenido de archivos arbitrarios en el servidor, que pueden contener información sensible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php?rev=2777235#L425 https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1658 – Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
https://notcve.org/view.php?id=CVE-2022-1658
Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. Las versiones vulnerables de Jupiter Theme (versiones anteriores a 6.10.1 incluyéndola) permiten la eliminación arbitraria de plugins por parte de cualquier usuario autenticado, incluidos los usuarios con el rol de suscriptor, por medio de la acción AJAX abb_remove_plugin registrada en el archivo framework/admin/control-panel/logic/plugin-management.php. usando esta funcionalidad, cualquier usuario conectado puede eliminar cualquier plugin instalado en el sitio Vulnerable versions of the Jupiter Theme allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. • https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes • CWE-284: Improper Access Control •