Description

WordPress Plugin JupiterX Core is prone to multiple vulnerabilities, including information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that may help in launching further attacks, or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress Plugin JupiterX Core version 2.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.7 or latest

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Related Vulnerabilities

WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.8.2)

WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Multiple Cross-Site Scripting Vulnerabilities (9.7.3)

WordPress Plugin Simplelife Cross-Site Request Forgery (1.2)

PHP Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2023-0567)

WordPress Plugin WP Taxonomy Import Cross-Site Scripting (1.0.4)

Severity

High

Classification

CVE-2022-1659 CWE-200 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update