CVE-2023-38388 – WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-38388
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5. The JupiterX Core plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 3.3.5 due to missing file type validation on the upload_files() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
• https://github.com/codeb0ss/CVE-2023-38388
• https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-38385 – WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-38385
Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JupiterX Core: from 3.0.0 through 3.3.0. The JupiterX Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions 3.0.0 through 3.3.0. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized actions. NOTE: This issue only affects the premium version of the plugin.
• https://patchstack.com/database/wordpress/plugin/jupiterx-core/vulnerability/wordpress-jupiter-x-core-plugin-3-0-0-3-3-0-multiple-contributor-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2023-38394 – WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-38394
Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through 3.3.0. The JupiterX Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on multiple functions in versions 3.0.0 through 3.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to perform unauthorized actions.
• https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-multiple-subscriber-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization