3 matches found
CVE-2022-1658
Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2022-1658
Vulnerability exists in WordPress Jupiter premium/theme (Jupiter Theme) versions up to 6.10.1, where an authenticated user can delete plugins via the abb_remove_plugin AJAX action (no capability/nonce checks). Affected sites using Jupiter Theme