CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38388 – WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-38388
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Artbees JupiterX Core. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.5. The JupiterX Core plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 3.3.5 due to missing file type validation on the upload_files() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/codeb0ss/CVE-2023-38388 https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38385 – JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-38385
The JupiterX Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions 3.0.0 through 3.3.0. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized actions. NOTE: This issue only affects the premium version of the plugin. • CWE-862: Missing Authorization •