CVE-2026-3533

Name of the Vulnerable Software and Affected Versions Jupiter X Core plugin for WordPress versions through 4.14.1

Description The Jupiter X Core plugin for WordPress is susceptible to limited file uploads because of missing authorization in the import popup templates() function and inadequate file type validation within the upload files() function. This allows attackers with Subscriber-level access or higher to upload potentially dangerous files. Successful exploitation could lead to Remote Code Execution on servers configured to execute .phar files as PHP, or Stored Cross-Site Scripting through the upload of .svg, .dfxp, or .xhtml files.

Recommendations Update Jupiter X Core plugin to a version later than 4.14.1.