Unauthorized File Uploads Vulnerability in X Core plugin for WordPress
CVE-2024-7772

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Jupiter X Core
Vendor: CVE Published:; 26 September 2024

Summary

The Jupiter X Core plugin for WordPress is impacted by a vulnerability that allows unauthenticated attackers to upload arbitrary files due to improper file type validation in its 'validate' function. This flaw affects all versions up to and including 4.6.5. Once exploited, it potentially enables remote code execution on the server hosting the affected site, posing significant security risks.

Affected Version(s)

Jupiter X Core * <= 4.6.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/jupiterx-core/...

https://plugins.trac.wordpress.org/changeset/3139412/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Aug 13, 2024

Credit

Geo Void