CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7781 – Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
https://notcve.org/view.php?id=CVE-2024-7781
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php https://plugins.trac.wordpress.org/changeset/3153667 https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7772 – Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7772
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php https://plugins.trac.wordpress.org/changeset/3139412 https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38389 – WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-38389
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8. La vulnerabilidad de autorización incorrecta en Artbees JupiterX Core permite acceder a una funcionalidad que no está correctamente restringida por las ACL. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.8. The JupiterX Core plugin for WordPress is vulnerable to privilege escalation due to insufficient validation in versions up to, and including, 3.3.8 due to insufficient controls on the facebook_log_user_in() function. This makes it possible for unauthenticated attackers to stage a site takeover. • https://github.com/codeb0ss/CVE-2023-38389-PoC https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3813 – Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2023-3813
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. El plugin Jupiter X Core para WordPress es vulnerable a la descarga de archivos arbitrarios en versiones hasta la 2.5.0 inclusive. Esto hace posible que atacantes no autenticados descarguen el contenido de archivos arbitrarios en el servidor, que pueden contener información sensible. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php?rev=2777235#L425 https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1656 – JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
https://notcve.org/view.php?id=CVE-2022-1656
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. Las versiones vulnerables de JupiterX Theme (versiones anteriores a 2.0.6 incluyéndola) permiten a cualquier usuario con sesión iniciada, incluidos los usuarios con nivel de suscripción, acceder a cualquiera de las funciones registradas en el archivo lib/api/api/ajax.php, que también dan acceso a las acciones jupiterx_api_ajax_ registradas por el plugin JupiterX Core (versiones anteriores a 2.0.6 incluyéndola). Esto incluye la capacidad de desactivar plugins arbitrarios así como actualizar la clave API del tema Vulnerable versions of the JupiterX Theme allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin. This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. • https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes • CWE-284: Improper Access Control •