EUVD-2022-24944

Malicious code in bioql PyPI...

EUVD-2022-24940

Malicious code in bioql PyPI...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1657

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

VulnCheck KEV: CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

Vulnerability in the Jupiter Theme and JupiterX Core plugins of the WordPress content management system, allowing attackers to increase their privileges

The vulnerability in the Jupiter Theme and JupiterX Core plugins of the WordPress content management system is related to insecure handling of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

Code injection

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

Design/Logic Flaw

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

Path traversal

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...

CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1654

CVE-2022-1654 affects Jupiter Theme (&lt;= 6.10.1) and JupiterX Core Plugin (

CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1658

Vulnerability exists in WordPress Jupiter premium/theme (Jupiter Theme) versions up to 6.10.1, where an authenticated user can delete plugins via the abb_remove_plugin AJAX action (no capability/nonce checks). Affected sites using Jupiter Theme