83 matches found
CVE-2026-3533
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...
CVE-2026-3533
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...
WordPress plugin Jupiter X Core 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-3533
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...
CVE-2026-3533 JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...
CVE-2026-3533
CVE-2026-3533 (Jupiter X Core WordPress plugin) is a vulnerability in all versions up to 4.14.1 where limited file uploads are possible due to missing authorization on import_popup_templates() and inadequate file-type validation in upload_files(). Authenticated users with Subscriber-level access ...
PT-2026-27264
Name of the Vulnerable Software and Affected Versions Jupiter X Core plugin for WordPress versions through 4.14.1 Description The Jupiter X Core plugin for WordPress is susceptible to limited file uploads because of missing authorization in the import popup templates function and inadequate file...
EUVD-2025-1628
Malicious code in bioql PyPI...
EUVD-2025-12494
Malicious code in bioql PyPI...
EUVD-2023-44446
Malicious code in bioql PyPI...
EUVD-2024-48642
Malicious code in bioql PyPI...
EUVD-2024-50548
Malicious code in bioql PyPI...
EUVD-2025-1629
Malicious code in bioql PyPI...
EUVD-2024-50766
Malicious code in bioql PyPI...
CVE-2025-0365
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server,...
CVE-2024-12033
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...
CVE-2024-12316
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportpopupaction function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...
CVE-2023-3813
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...
CVE-2025-3888
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...
CVE-2025-3888
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...