CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7781 – Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
https://notcve.org/view.php?id=CVE-2024-7781
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php https://plugins.trac.wordpress.org/changeset/3153667 https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7772 – Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7772
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php https://plugins.trac.wordpress.org/changeset/3139412 https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38389 – WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-38389
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8. La vulnerabilidad de autorización incorrecta en Artbees JupiterX Core permite acceder a una funcionalidad que no está correctamente restringida por las ACL. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.8. The JupiterX Core plugin for WordPress is vulnerable to privilege escalation due to insufficient validation in versions up to, and including, 3.3.8 due to insufficient controls on the facebook_log_user_in() function. This makes it possible for unauthenticated attackers to stage a site takeover. • https://github.com/codeb0ss/CVE-2023-38389-PoC https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3813 – Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2023-3813
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. El plugin Jupiter X Core para WordPress es vulnerable a la descarga de archivos arbitrarios en versiones hasta la 2.5.0 inclusive. Esto hace posible que atacantes no autenticados descarguen el contenido de archivos arbitrarios en el servidor, que pueden contener información sensible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php?rev=2777235#L425 https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1654 – Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-1654
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions Jupiter Theme versiones anteriores a 6.10.1 incluyéndola y JupiterX Core Plugin versiones anteriores a 2.0.7 incluyéndola, permiten que cualquier atacante autenticado, incluyendo un atacante a nivel de suscriptor o cliente, obtenga privilegios administrativos por medio de las acciones AJAX "abb_uninstall_template" (ambas) y "jupiterx_core_cp_uninstall_template" (sólo JupiterX Core) • https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes • CWE-269: Improper Privilege Management •