Lucene search
WpvulndbWPVDB-ID:D310F473-0CBB-4EEE-AF2D-D066183A6694HistoryMay 18, 2022 - 12:00 a.m.
JupiterX < 2.0.7 & JupiterX Core < 2.0.7 - Subscriber+ Arbitrary Plugin Deactivation and Settings Update
2022-05-1800:00:00
wpscan.com
12
0.001 Low
EPSS
Percentile
22.7%
Any logged-in user, including subscriber-level users, can access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin. This includes the ability to deactivate arbitrary plugins as well as update the themeβs API key.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jupiterx-core | lt | 2.0.7 | |
| jupiterx | lt | 2.0.7 |
Related
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2022-1656
2022-06-13 13:15:11
prion
prion
Design/Logic Flaw
2022-06-13 13:15:00
nvd
nvd
CVE-2022-1656
2022-06-13 13:15:11
threatpost
threatpost
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
2022-05-19 13:03:37
wordfence
wordfence