CVE-2022-1656 JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification

Vulnerable versions of the JupiterX Theme =2.0.6 allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin =2.0.6. This includes the...

WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation

Authenticated Arbitrary plugin deactivation found by Jerome Bruandet in WordPress Photo Gallery – Image Gallery by Ape plugin versions = 2.0.6. Solution Update the WordPress Photo Gallery – Image Gallery by Ape plugin to the latest available version at least 2.0.7...