CVE-2024-7781 (GCVE-0-2024-7781)

Vulnerability from cvelistv5 – Published: 2024-09-26 04:29 – Updated: 2024-09-26 14:08
VLAI?
Title
Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover
Summary
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
artbees Jupiter X Core Affected: * , ≤ 4.7.5 (semver)
Create a notification for this product.
Credits
Geo Void
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jupiter_x_core",
            "vendor": "artbees",
            "versions": [
              {
                "lessThanOrEqual": "4.7.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:51:38.820022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:08:53.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jupiter X Core",
          "vendor": "artbees",
          "versions": [
            {
              "lessThanOrEqual": "4.7.5",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Geo Void"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T04:29:59.599Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3153667/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-25T16:13:20.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Jupiter X Core \u003c= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-7781",
    "datePublished": "2024-09-26T04:29:59.599Z",
    "dateReserved": "2024-08-13T22:26:24.761Z",
    "dateUpdated": "2024-09-26T14:08:53.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"4.7.8\", \"matchCriteriaId\": \"60704039-8642-47A2-8565-56462D56EEDC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.\"}, {\"lang\": \"es\", \"value\": \"El complemento Jupiter X Core para WordPress es vulnerable a la omisi\\u00f3n de la autenticaci\\u00f3n en todas las versiones hasta la 4.7.5 incluida. Esto se debe a una autenticaci\\u00f3n incorrecta a trav\\u00e9s del widget de inicio de sesi\\u00f3n social. Esto permite que atacantes no autenticados inicien sesi\\u00f3n como el primer usuario que haya iniciado sesi\\u00f3n con una cuenta de red social, incluidas las cuentas de administrador. Los atacantes pueden explotar la vulnerabilidad incluso si el elemento de inicio de sesi\\u00f3n social se ha deshabilitado, siempre que se haya habilitado y utilizado previamente. La vulnerabilidad se solucion\\u00f3 parcialmente en la versi\\u00f3n 4.7.5 y completamente en la versi\\u00f3n 4.7.8.\"}]",
      "id": "CVE-2024-7781",
      "lastModified": "2024-10-02T16:21:03.113",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-26T05:15:12.470",
      "references": "[{\"url\": \"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php\", \"source\": \"security@wordfence.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php\", \"source\": \"security@wordfence.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/3153667/\", \"source\": \"security@wordfence.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve\", \"source\": \"security@wordfence.com\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@wordfence.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7781\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2024-09-26T05:15:12.470\",\"lastModified\":\"2024-10-02T16:21:03.113\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.\"},{\"lang\":\"es\",\"value\":\"El complemento Jupiter X Core para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 4.7.5 incluida. Esto se debe a una autenticaci\u00f3n incorrecta a trav\u00e9s del widget de inicio de sesi\u00f3n social. Esto permite que atacantes no autenticados inicien sesi\u00f3n como el primer usuario que haya iniciado sesi\u00f3n con una cuenta de red social, incluidas las cuentas de administrador. Los atacantes pueden explotar la vulnerabilidad incluso si el elemento de inicio de sesi\u00f3n social se ha deshabilitado, siempre que se haya habilitado y utilizado previamente. La vulnerabilidad se solucion\u00f3 parcialmente en la versi\u00f3n 4.7.5 y completamente en la versi\u00f3n 4.7.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"4.7.8\",\"matchCriteriaId\":\"60704039-8642-47A2-8565-56462D56EEDC\"}]}]}],\"references\":[{\"url\":\"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/3153667/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7781\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-26T13:51:38.820022Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*\"], \"vendor\": \"artbees\", \"product\": \"jupiter_x_core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.7.5\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-26T13:52:47.472Z\"}}], \"cna\": {\"title\": \"Jupiter X Core \u003c= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Geo Void\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"artbees\", \"product\": \"Jupiter X Core\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.7.5\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-09-25T16:13:20.000+00:00\", \"value\": \"Disclosed\"}], \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/3153667/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288 Authentication Bypass Using an Alternate Path or Channel\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2024-09-26T04:29:59.599Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7781\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-26T14:08:53.334Z\", \"dateReserved\": \"2024-08-13T22:26:24.761Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2024-09-26T04:29:59.599Z\", \"assignerShortName\": \"Wordfence\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.