PT-2022-14027 · Unknown · Jupiterx Core Plugin+1

Ramuel Gall · Published 2022-05-19 · Updated 2023-06-27 · CVE-2022-1656

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: JupiterX Theme versions <= 2.0.6; JupiterX Core Plugin versions <= 2.0.6

Description: Vulnerable versions of the JupiterX Theme let any logged-in user, including subscriber-level accounts, invoke any of the functions registered in "lib/api/api/ajax.php". Those handlers also expose the jupiterx api AJAX actions registered by the JupiterX Core plugin, which is why both packages are affected. A low-privileged user can therefore deactivate arbitrary plugins and overwrite the theme's API key.

Recommendations: Update the JupiterX Theme to 2.0.7 or later and the JupiterX Core Plugin to 2.0.7 or later. If updating is not immediately possible, restrict the handlers registered in "lib/api/api/ajax.php", and the jupiterx api AJAX actions, to administrators by requiring an appropriate capability in each handler. Blocking direct HTTP requests to the file itself is not sufficient: WordPress AJAX handlers are reached through wp-admin/admin-ajax.php, not by requesting the file that registers them.
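The bug class described above, as an added illustration written for this page (it is not JupiterX or Wordfence code): a WordPress AJAX handler that relies only on the implicit "logged in" gate of the wp_ajax_ hook, beside a hardened version that checks a nonce, the capability WordPress itself requires for the operation, and the input. The hook names, function names and option name below are hypothetical.

```php
<?php
/*
 * Added illustration (not JupiterX code) of the access-control bug class behind
 * CVE-2022-1656. Any callback hooked to "wp_ajax_{action}" is reachable by any
 * authenticated user through wp-admin/admin-ajax.php?action={action}, whatever
 * their role, so the callback itself must enforce capability and nonce checks.
 * All "example_" names and the option name are hypothetical.
 */

// Vulnerable pattern: the only gate is "is the request authenticated?", which
// wp_ajax_ already implies. A subscriber can deactivate any plugin.
function example_vulnerable_deactivate_plugin() {
    $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
    deactivate_plugins( $plugin );            // no capability check, no nonce check
    wp_send_json_success( array( 'deactivated' => $plugin ) );
}
add_action( 'wp_ajax_example_vuln_deactivate', 'example_vulnerable_deactivate_plugin' );

// Hardened pattern: (1) verify a nonce minted for the admin page (CSRF),
// (2) require the capability WordPress demands for the same operation,
// (3) validate the plugin path against the installed-plugin list,
// (4) never also register under wp_ajax_nopriv_, which would expose the
//     action to unauthenticated visitors.
function example_hardened_deactivate_plugin() {
    check_ajax_referer( 'example_admin_actions', 'nonce' );   // dies with 403 on failure

    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
    if ( ! array_key_exists( $plugin, get_plugins() ) ) {
        wp_send_json_error( array( 'message' => 'unknown plugin' ), 400 );
    }

    deactivate_plugins( $plugin );
    wp_send_json_success( array( 'deactivated' => $plugin ) );
}
add_action( 'wp_ajax_example_hardened_deactivate', 'example_hardened_deactivate_plugin' );

// Same treatment for a site-owner-only setting such as an API key.
function example_hardened_update_api_key() {
    check_ajax_referer( 'example_admin_actions', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }
    $key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';
    update_option( 'example_theme_api_key', $key );   // hypothetical option name
    wp_send_json_success();
}
add_action( 'wp_ajax_example_hardened_update_api_key', 'example_hardened_update_api_key' );

// The nonce is issued server-side to the admin page that makes these calls:
// wp_localize_script( 'example-admin', 'exampleAjax',
//     array( 'nonce' => wp_create_nonce( 'example_admin_actions' ) ) );
```

A quick check for handlers of this kind: log in as a subscriber-level account and POST the action name to /wp-admin/admin-ajax.php. A hardened handler answers 403 before touching any state; a vulnerable one performs the operation.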

Fix

Update both the JupiterX Theme and the JupiterX Core Plugin to a version later than 2.0.6.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2022-1656

Affected Products

JupiterX Core Plugin
JupiterX Theme