Description

WordPress Plugin JupiterX Core is prone to multiple vulnerabilities, including information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that may help in launching further attacks, or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress Plugin JupiterX Core version 2.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.7 or latest

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Related Vulnerabilities

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.3.11)

Drupal Core 7.x Multiple Vulnerabilities (7.0)

MySQL CVE-2015-4815 Vulnerability (CVE-2015-4815)

WordPress Plugin Booking.com Product Helper Cross-Site Scripting (1.0.1)

WordPress Plugin Welcart e-Commerce Cross-Site Scripting (2.2.3)

Severity

High

Classification

CVE-2022-1659 CWE-200 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update