Description

WordPress Plugin JupiterX Core is prone to multiple vulnerabilities, including information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that may help in launching further attacks, or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress Plugin JupiterX Core version 2.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.7 or latest

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Related Vulnerabilities

WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)

WordPress Plugin OneSignal-Web Push Notifications Cross-Site Scripting (1.17.7)

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.1.9)

WordPress Plugin VaultPress Cross-Site Scripting (1.7.7)

WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)

Severity

High

Classification

CVE-2022-1659 CWE-200 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update