CVE-2023-38388 – WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-38388
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5. The JupiterX Core plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 3.3.5 due to missing file type validation in the upload_files() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
• https://github.com/codeb0ss/CVE-2023-38388
• https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-32110 – WordPress JupiterX theme <= 3.0.0 - Auth. Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-32110
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0. The JupiterX theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.0.0 via the print_pane function. This allows authenticated attackers with subscriber-level permissions or above to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
• https://patchstack.com/database/vulnerability/jupiterx/wordpress-jupiterx-theme-3-0-0-subscriber-local-file-inclusion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')