PT-2022-3453 · WordPress · Jupiter Theme+1
Ramuel Gall
·
Published
2022-05-19
·
Updated
2022-06-21
·
CVE-2022-1654
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Jupiter Theme versions 6.10.1 and earlier
JupiterX Core Plugin versions 2.0.7 and earlier
Description
The issue is related to insecure privilege management in the Jupiter Theme and JupiterX Core Plugin for WordPress. It allows any authenticated attacker to gain administrative privileges via specific AJAX actions, including
abb uninstall template and jupiterx core cp uninstall template.Recommendations
For Jupiter Theme versions 6.10.1 and earlier, update to a version later than 6.10.1 to resolve the issue.
For JupiterX Core Plugin versions 2.0.7 and earlier, update to a version later than 2.0.7 to resolve the issue.
As a temporary workaround, consider disabling the
abb uninstall template and jupiterx core cp uninstall template AJAX actions until a patch is available.Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jupiter Theme
Jupiterx Core Plugin