3 matches found
CVE-2025-2105
CVE-2025-2105 (Jupiter X Core) affects WordPress Jupiter X Core plugin up to version 4.8.11. Vulnerability: PHP Object Injection via deserialization of untrusted input from the ‘file’ parameter of raven_download_file, enabling injection of a PHP object through a PHAR file. Impact is contingent on...
CVE-2025-2105 Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'ravendownloadfile' function. This makes it possible for attackers to inject a PHP Object through a PH...
WordPress Jupiter X Core plugin <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR vulnerability
Unauthenticated PHP Object Injection via PHAR vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin JupiterX Core versions = 4.8.11...