EUVD-2022-24940

Malicious code in bioql PyPI...

EUVD-2022-24944

Malicious code in bioql PyPI...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1657

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

VulnCheck KEV: CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1658

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

Path traversal

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...

Code injection

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

Design/Logic Flaw

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1654

CVE-2022-1654 affects Jupiter Theme (&lt;= 6.10.1) and JupiterX Core Plugin (

CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1658

Vulnerability exists in WordPress Jupiter premium/theme (Jupiter Theme) versions up to 6.10.1, where an authenticated user can delete plugins via the abb_remove_plugin AJAX action (no capability/nonce checks). Affected sites using Jupiter Theme

CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion

Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...

CVE-2022-1657 JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...