Description

WordPress Plugin JupiterX Core is prone to multiple vulnerabilities, including information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that may help in launching further attacks, or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress Plugin JupiterX Core version 2.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.7 or latest

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Related Vulnerabilities

axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28168)

WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)

MySQL CVE-2015-0423 Vulnerability (CVE-2015-0423)

Oracle Database Server CVE-2012-1751 Vulnerability (CVE-2012-1751)

WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)

Severity

High

Classification

CVE-2022-1659 CWE-200 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update