Search criteria
22 vulnerabilities found for Jupiter X Core by ArtBees
CVE-2025-3888 (GCVE-0-2025-3888)
Vulnerability from cvelistv5 – Published: 2025-05-17 11:17 – Updated: 2025-05-19 14:56
VLAI?
Title
Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.12
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:56:45.616110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:56:52.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T11:17:16.724Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f36f1ea5-62f7-48f0-a8d3-a56e0c9915d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php#L304"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3292376/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiterx Core \u003c= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3888",
"datePublished": "2025-05-17T11:17:16.724Z",
"dateReserved": "2025-04-22T22:23:04.290Z",
"dateUpdated": "2025-05-19T14:56:52.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2105 (GCVE-0-2025-2105)
Vulnerability from cvelistv5 – Published: 2025-04-26 05:34 – Updated: 2025-04-28 21:56
VLAI?
Title
Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR
Summary
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this.
Severity ?
8.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.11
(semver)
|
Credits
Nguyen Tan Phat
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T14:47:10.455673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T21:56:02.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tan Phat"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the \u0027file\u0027 parameter of the \u0027raven_download_file\u0027 function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T05:34:22.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3427387e-30d2-40a5-9bfd-d458039d8e2e?source=cve"
},
{
"url": "https://wordpress.org/plugins/jupiterx-core/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3279676/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-25T17:04:47.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.11 - Unauthenticated PHP Object Injection via PHAR"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-2105",
"datePublished": "2025-04-26T05:34:22.050Z",
"dateReserved": "2025-03-07T19:42:10.279Z",
"dateUpdated": "2025-04-28T21:56:02.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0366 (GCVE-0-2025-0366)
Vulnerability from cvelistv5 – Published: 2025-02-01 05:30 – Updated: 2025-02-03 16:37
VLAI?
Title
Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.
Severity ?
8.8 (High)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.7
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:22:38.402807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:37:59.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T05:30:37.253Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a20dc1d-eb7c-47ac-ad9a-ec4c0d5db62e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/video/widgets/video.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-31T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0366",
"datePublished": "2025-02-01T05:30:37.253Z",
"dateReserved": "2025-01-09T17:09:57.454Z",
"dateUpdated": "2025-02-03T16:37:59.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0365 (GCVE-0-2025-0365)
Vulnerability from cvelistv5 – Published: 2025-02-01 05:30 – Updated: 2025-02-03 16:37
VLAI?
Title
Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.7
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:07:56.349028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:37:53.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T05:30:37.677Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-31T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiterx Core \u003c= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0365",
"datePublished": "2025-02-01T05:30:37.677Z",
"dateReserved": "2025-01-09T16:58:05.458Z",
"dateUpdated": "2025-02-03T16:37:53.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12033 (GCVE-0-2024-12033)
Vulnerability from cvelistv5 – Published: 2025-01-07 11:11 – Updated: 2025-01-07 14:25
VLAI?
Title
Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync
Summary
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.5
(semver)
|
Credits
Tieu Pham Trong Nhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:25:32.424413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:25:50.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tieu Pham Trong Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T11:11:11.179Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e452aa0-bfb9-4805-b2ed-53464a4b5308?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3214798/jupiterx-core/trunk/includes/extensions/raven/includes/plugin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.5 - Missing Authorization to Authenticated Library Sync"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12033",
"datePublished": "2025-01-07T11:11:11.179Z",
"dateReserved": "2024-12-02T16:10:51.342Z",
"dateUpdated": "2025-01-07T14:25:50.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12316 (GCVE-0-2024-12316)
Vulnerability from cvelistv5 – Published: 2025-01-07 11:11 – Updated: 2025-01-07 14:22
VLAI?
Title
Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export
Summary
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.5
(semver)
|
Credits
Tieu Pham Trong Nhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:22:24.180772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:22:43.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tieu Pham Trong Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T11:11:10.560Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db195c1-8917-4465-a5ca-21089afb0bc7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/popups/class.php#L475"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3214798/jupiterx-core/trunk/includes/popups/class.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12316",
"datePublished": "2025-01-07T11:11:10.560Z",
"dateReserved": "2024-12-06T16:22:45.578Z",
"dateUpdated": "2025-01-07T14:22:43.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7781 (GCVE-0-2024-7781)
Vulnerability from cvelistv5 – Published: 2024-09-26 04:29 – Updated: 2024-09-26 14:08
VLAI?
Title
Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
Summary
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
Severity ?
8.1 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.7.5
(semver)
|
Credits
Geo Void
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jupiter_x_core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.7.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:51:38.820022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:08:53.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.7.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Geo Void"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:29:59.599Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3153667/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-25T16:13:20.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7781",
"datePublished": "2024-09-26T04:29:59.599Z",
"dateReserved": "2024-08-13T22:26:24.761Z",
"dateUpdated": "2024-09-26T14:08:53.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7772 (GCVE-0-2024-7772)
Vulnerability from cvelistv5 – Published: 2024-09-26 04:29 – Updated: 2024-09-26 14:09
VLAI?
Title
Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
Summary
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.6.5
(semver)
|
Credits
Geo Void
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jupiter_x_core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:53:13.844764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:09:08.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Geo Void"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the \u0027validate\u0027 function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:29:58.902Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3139412/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-23T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.6.5 - Unauthenticated Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7772",
"datePublished": "2024-09-26T04:29:58.902Z",
"dateReserved": "2024-08-13T19:43:55.202Z",
"dateUpdated": "2024-09-26T14:09:08.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1659 (GCVE-0-2022-1659)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:17 – Updated: 2025-01-31 18:52
VLAI?
Title
JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service
Summary
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.6 , ≤ 2.0.6
(custom)
|
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:52:37.942185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:52:43.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable versions of the JupiterX Core (\u003c= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T13:17:10.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "JupiterX Core \u003c= 2.0.6 - Information Disclosure, Modification, and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1659",
"STATE": "PUBLIC",
"TITLE": "JupiterX Core \u003c= 2.0.6 - Information Disclosure, Modification, and Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerable versions of the JupiterX Core (\u003c= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1659",
"datePublished": "2022-06-13T13:17:10.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:52:43.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1654 (GCVE-0-2022-1654)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:16 – Updated: 2025-01-31 18:53
VLAI?
Title
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
Summary
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.7 , ≤ 2.0.7
(custom)
|
||
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:52:58.891956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:07.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.7",
"status": "affected",
"version": "2.0.7",
"versionType": "custom"
}
]
},
{
"product": "Jupiter",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "6.10.1",
"status": "affected",
"version": "6.10.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the \"abb_uninstall_template\" (both) and \"jupiterx_core_cp_uninstall_template\" (JupiterX Core Only) AJAX actions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T13:16:09.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 - Authenticated Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1654",
"STATE": "PUBLIC",
"TITLE": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 - Authenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.7",
"version_value": "2.0.7"
}
]
}
}
]
},
"vendor_name": "ArtBees"
},
{
"product": {
"product_data": [
{
"product_name": "Jupiter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.10.1",
"version_value": "6.10.1"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the \"abb_uninstall_template\" (both) and \"jupiterx_core_cp_uninstall_template\" (JupiterX Core Only) AJAX actions"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1654",
"datePublished": "2022-06-13T13:16:09.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:07.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1656 (GCVE-0-2022-1656)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:41 – Updated: 2025-02-13 20:44
VLAI?
Title
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
Summary
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.6 , ≤ 2.0.6
(custom)
|
||
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:44:23.073764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:44:26.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
},
{
"product": "Jupiter X",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable versions of the JupiterX Theme (\u003c=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (\u003c=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme\u2019s API key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:32.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "JupiterX Theme \u003c= 2.0.6 and JupiterX Core \u003c= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1656",
"STATE": "PUBLIC",
"TITLE": "JupiterX Theme \u003c= 2.0.6 and JupiterX Core \u003c= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
},
{
"product": {
"product_data": [
{
"product_name": "Jupiter X",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerable versions of the JupiterX Theme (\u003c=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (\u003c=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme\u2019s API key."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1656",
"datePublished": "2022-06-13T12:41:32.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:44:26.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3888 (GCVE-0-2025-3888)
Vulnerability from nvd – Published: 2025-05-17 11:17 – Updated: 2025-05-19 14:56
VLAI?
Title
Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.12
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:56:45.616110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:56:52.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T11:17:16.724Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f36f1ea5-62f7-48f0-a8d3-a56e0c9915d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php#L304"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3292376/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiterx Core \u003c= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3888",
"datePublished": "2025-05-17T11:17:16.724Z",
"dateReserved": "2025-04-22T22:23:04.290Z",
"dateUpdated": "2025-05-19T14:56:52.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2105 (GCVE-0-2025-2105)
Vulnerability from nvd – Published: 2025-04-26 05:34 – Updated: 2025-04-28 21:56
VLAI?
Title
Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR
Summary
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this.
Severity ?
8.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.11
(semver)
|
Credits
Nguyen Tan Phat
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T14:47:10.455673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T21:56:02.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tan Phat"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the \u0027file\u0027 parameter of the \u0027raven_download_file\u0027 function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T05:34:22.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3427387e-30d2-40a5-9bfd-d458039d8e2e?source=cve"
},
{
"url": "https://wordpress.org/plugins/jupiterx-core/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3279676/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-25T17:04:47.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.11 - Unauthenticated PHP Object Injection via PHAR"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-2105",
"datePublished": "2025-04-26T05:34:22.050Z",
"dateReserved": "2025-03-07T19:42:10.279Z",
"dateUpdated": "2025-04-28T21:56:02.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0366 (GCVE-0-2025-0366)
Vulnerability from nvd – Published: 2025-02-01 05:30 – Updated: 2025-02-03 16:37
VLAI?
Title
Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.
Severity ?
8.8 (High)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.7
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:22:38.402807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:37:59.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T05:30:37.253Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a20dc1d-eb7c-47ac-ad9a-ec4c0d5db62e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/video/widgets/video.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-31T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0366",
"datePublished": "2025-02-01T05:30:37.253Z",
"dateReserved": "2025-01-09T17:09:57.454Z",
"dateUpdated": "2025-02-03T16:37:59.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0365 (GCVE-0-2025-0365)
Vulnerability from nvd – Published: 2025-02-01 05:30 – Updated: 2025-02-03 16:37
VLAI?
Title
Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read
Summary
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.7
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:07:56.349028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:37:53.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T05:30:37.677Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-31T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiterx Core \u003c= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0365",
"datePublished": "2025-02-01T05:30:37.677Z",
"dateReserved": "2025-01-09T16:58:05.458Z",
"dateUpdated": "2025-02-03T16:37:53.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12033 (GCVE-0-2024-12033)
Vulnerability from nvd – Published: 2025-01-07 11:11 – Updated: 2025-01-07 14:25
VLAI?
Title
Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync
Summary
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.5
(semver)
|
Credits
Tieu Pham Trong Nhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:25:32.424413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:25:50.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tieu Pham Trong Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T11:11:11.179Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e452aa0-bfb9-4805-b2ed-53464a4b5308?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3214798/jupiterx-core/trunk/includes/extensions/raven/includes/plugin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.5 - Missing Authorization to Authenticated Library Sync"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12033",
"datePublished": "2025-01-07T11:11:11.179Z",
"dateReserved": "2024-12-02T16:10:51.342Z",
"dateUpdated": "2025-01-07T14:25:50.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12316 (GCVE-0-2024-12316)
Vulnerability from nvd – Published: 2025-01-07 11:11 – Updated: 2025-01-07 14:22
VLAI?
Title
Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export
Summary
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.8.5
(semver)
|
Credits
Tieu Pham Trong Nhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:22:24.180772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:22:43.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.8.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tieu Pham Trong Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T11:11:10.560Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db195c1-8917-4465-a5ca-21089afb0bc7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/popups/class.php#L475"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3214798/jupiterx-core/trunk/includes/popups/class.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12316",
"datePublished": "2025-01-07T11:11:10.560Z",
"dateReserved": "2024-12-06T16:22:45.578Z",
"dateUpdated": "2025-01-07T14:22:43.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7781 (GCVE-0-2024-7781)
Vulnerability from nvd – Published: 2024-09-26 04:29 – Updated: 2024-09-26 14:08
VLAI?
Title
Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
Summary
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
Severity ?
8.1 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.7.5
(semver)
|
Credits
Geo Void
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jupiter_x_core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.7.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:51:38.820022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:08:53.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.7.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Geo Void"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:29:59.599Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3153667/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-25T16:13:20.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7781",
"datePublished": "2024-09-26T04:29:59.599Z",
"dateReserved": "2024-08-13T22:26:24.761Z",
"dateUpdated": "2024-09-26T14:08:53.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7772 (GCVE-0-2024-7772)
Vulnerability from nvd – Published: 2024-09-26 04:29 – Updated: 2024-09-26 14:09
VLAI?
Title
Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
Summary
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| artbees | Jupiter X Core |
Affected:
* , ≤ 4.6.5
(semver)
|
Credits
Geo Void
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "jupiter_x_core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:53:13.844764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:09:08.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jupiter X Core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Geo Void"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the \u0027validate\u0027 function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:29:58.902Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3139412/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-23T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Jupiter X Core \u003c= 4.6.5 - Unauthenticated Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7772",
"datePublished": "2024-09-26T04:29:58.902Z",
"dateReserved": "2024-08-13T19:43:55.202Z",
"dateUpdated": "2024-09-26T14:09:08.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1659 (GCVE-0-2022-1659)
Vulnerability from nvd – Published: 2022-06-13 13:17 – Updated: 2025-01-31 18:52
VLAI?
Title
JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service
Summary
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.6 , ≤ 2.0.6
(custom)
|
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:52:37.942185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:52:43.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable versions of the JupiterX Core (\u003c= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T13:17:10.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "JupiterX Core \u003c= 2.0.6 - Information Disclosure, Modification, and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1659",
"STATE": "PUBLIC",
"TITLE": "JupiterX Core \u003c= 2.0.6 - Information Disclosure, Modification, and Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerable versions of the JupiterX Core (\u003c= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1659",
"datePublished": "2022-06-13T13:17:10.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:52:43.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1654 (GCVE-0-2022-1654)
Vulnerability from nvd – Published: 2022-06-13 13:16 – Updated: 2025-01-31 18:53
VLAI?
Title
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
Summary
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.7 , ≤ 2.0.7
(custom)
|
||
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:52:58.891956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:07.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.7",
"status": "affected",
"version": "2.0.7",
"versionType": "custom"
}
]
},
{
"product": "Jupiter",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "6.10.1",
"status": "affected",
"version": "6.10.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the \"abb_uninstall_template\" (both) and \"jupiterx_core_cp_uninstall_template\" (JupiterX Core Only) AJAX actions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T13:16:09.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 - Authenticated Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1654",
"STATE": "PUBLIC",
"TITLE": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 - Authenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.7",
"version_value": "2.0.7"
}
]
}
}
]
},
"vendor_name": "ArtBees"
},
{
"product": {
"product_data": [
{
"product_name": "Jupiter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.10.1",
"version_value": "6.10.1"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the \"abb_uninstall_template\" (both) and \"jupiterx_core_cp_uninstall_template\" (JupiterX Core Only) AJAX actions"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1654",
"datePublished": "2022-06-13T13:16:09.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:07.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1656 (GCVE-0-2022-1656)
Vulnerability from nvd – Published: 2022-06-13 12:41 – Updated: 2025-02-13 20:44
VLAI?
Title
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
Summary
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ArtBees | Jupiter X Core |
Affected:
2.0.6 , ≤ 2.0.6
(custom)
|
||
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:44:23.073764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:44:26.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jupiter X Core",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
},
{
"product": "Jupiter X",
"vendor": "ArtBees",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "2.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable versions of the JupiterX Theme (\u003c=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (\u003c=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme\u2019s API key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:32.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "JupiterX Theme \u003c= 2.0.6 and JupiterX Core \u003c= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1656",
"STATE": "PUBLIC",
"TITLE": "JupiterX Theme \u003c= 2.0.6 and JupiterX Core \u003c= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jupiter X Core",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
},
{
"product": {
"product_data": [
{
"product_name": "Jupiter X",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "ArtBees"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerable versions of the JupiterX Theme (\u003c=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (\u003c=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme\u2019s API key."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1656",
"datePublished": "2022-06-13T12:41:32.000Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:44:26.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}