PT-2022-14030 · Unknown · Jupiter X Core

Ramuel Gall

Published: 2022-05-19
Updated: 2022-06-21
CVE: CVE-2022-1659

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: JupiterX Core versions <= 2.0.6

Description: The issue allows an attacker to call any function in the includes/condition/class-condition-manager.php file by passing the name of the desired function in the sub_action parameter of the AJAX action jupiterx_conditional_manager. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.

Recommendations: For versions <= 2.0.6, update to a version greater than 2.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the jupiterx_conditional_manager AJAX action to minimize the risk of exploitation, and avoid relying on the sub_action parameter of the affected AJAX endpoint until the issue is resolved.
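The recommendations above come down to two controls: restrict who can reach the AJAX action, and stop the sub_action parameter from selecting arbitrary code. The PHP below is an added example, not code from Jupiter X Core or from this advisory. It contrasts a handler that dispatches to whatever method the request names with a hardened handler that verifies a nonce, requires a capability, and routes only through an explicit allowlist. The class Example_Condition_Manager, its methods, the nonce action name and the example_conditions option are hypothetical; only the action name jupiterx_conditional_manager and the sub_action parameter are taken from the advisory.

```php
<?php
// Added illustration, not Jupiter X Core's code. The class, method and
// option names are hypothetical; only the AJAX action name
// jupiterx_conditional_manager and the sub_action parameter come from the advisory.

class Example_Condition_Manager {

    // Weak pattern: the request names the method, so every public method on
    // this object (including administrative ones) is reachable through the
    // AJAX endpoint. Shown only to contrast with handle_safe() below.
    public function handle_unsafe() {
        $sub_action = isset( $_POST['sub_action'] ) ? $_POST['sub_action'] : '';
        if ( method_exists( $this, $sub_action ) ) {
            call_user_func( array( $this, $sub_action ) );
        }
        wp_die();
    }

    // Hardened pattern: authenticate the request (nonce), require a
    // capability, then dispatch only through an allowlist of sub-actions.
    public function handle_safe() {
        // Dies with a 403 response when the nonce is missing or invalid.
        check_ajax_referer( 'example_condition_manager', 'nonce' );

        if ( ! current_user_can( 'manage_options' ) ) {
            wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
        }

        $sub_action = isset( $_POST['sub_action'] )
            ? sanitize_key( wp_unslash( $_POST['sub_action'] ) )
            : '';

        // The request can only choose among these keys; it can no longer
        // name a method directly.
        $allowed = array(
            'list_conditions' => array( $this, 'list_conditions' ),
            'save_condition'  => array( $this, 'save_condition' ),
        );

        if ( ! isset( $allowed[ $sub_action ] ) ) {
            wp_send_json_error( array( 'message' => 'Unknown sub_action.' ), 400 );
        }

        call_user_func( $allowed[ $sub_action ] );
    }

    public function list_conditions() {
        wp_send_json_success( get_option( 'example_conditions', array() ) );
    }

    public function save_condition() {
        $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
        $rule    = isset( $_POST['rule'] ) ? sanitize_text_field( wp_unslash( $_POST['rule'] ) ) : '';

        if ( ! $post_id || '' === $rule ) {
            wp_send_json_error( array( 'message' => 'post_id and rule are required.' ), 400 );
        }

        $conditions             = get_option( 'example_conditions', array() );
        $conditions[ $post_id ] = $rule;
        update_option( 'example_conditions', $conditions );

        wp_send_json_success( array( 'post_id' => $post_id ) );
    }
}

$manager = new Example_Condition_Manager();

// Registering only the wp_ajax_ hook (and not wp_ajax_nopriv_) keeps
// unauthenticated requests away from the endpoint entirely; the capability
// check inside handle_safe() then limits it to administrators.
add_action( 'wp_ajax_jupiterx_conditional_manager', array( $manager, 'handle_safe' ) );
```

The allowlist is the control that addresses the root cause: once dispatch goes through a fixed map instead of method_exists() on user input, adding a new public method to the class no longer silently exposes it over AJAX. The nonce and capability checks are the "restrict access" part of the temporary workaround, and both wp_send_json_error() and a failed check_ajax_referer() terminate the request, so no code after them runs on an unauthorized call.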

Exploit

Fix

DoS

Improper Access Control


Weakness Enumeration

Related Identifiers: CVE-2022-1659

Affected Products: Jupiter X Core