Lucene search
PRIOn knowledge basePRION:CVE-2022-1656HistoryJun 13, 2022 - 1:15 p.m.
Design/Logic Flaw
2022-06-1313:15:00
PRIOn knowledge base
www.prio-n.com
5
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the themeβs API key.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jupiter_x_core | le | 2.0.6 | |
| jupiterx | le | 2.0.6 |
Related
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2022-1656
2022-06-13 13:15:11
nvd
nvd
CVE-2022-1656
2022-06-13 13:15:11
wpvulndb
wpvulndb
threatpost
threatpost
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
2022-05-19 13:03:37
wordfence
wordfence