Description

WordPress Plugin JupiterX Core is prone to multiple vulnerabilities, including information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that may help in launching further attacks, or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress Plugin JupiterX Core version 2.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.7 or latest

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Related Vulnerabilities

MySQL CVE-2014-6489 Vulnerability (CVE-2014-6489)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0864)

MySQL CVE-2014-2434 Vulnerability (CVE-2014-2434)

WordPress Plugin Zielke Specialized Catalog Arbitrary File Upload (3.0.7)

WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)

Severity

High

Classification

CVE-2022-1659 CWE-200 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update