CVE-2023-3813

2023-07-2103:15:10

CWE-22

[email protected]

web.nvd.nist.gov

jupiter x core

wordpress

plugin

vulnerability

arbitrary file downloads

nvd

cve-2023-3813

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated.

Affected configurations

Vulners

NVD

Node

artbees\/jupiter_x_coreRange≤2.5.0

CPENameOperatorVersion
artbees:jupiter_x_coreartbees jupiter x corele2.5.0

CPE	Name	Operator	Version
artbees:jupiter_x_core	artbees jupiter x core	le	2.5.0

CNA Affected

[
  {
    "vendor": "artbees/",
    "product": "Jupiter X Core",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.5.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]