Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:6 a.m.8 views

CVE-2023-3813

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/28 6:14 a.m.11 views

CVE-2025-2105

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'ravendownloadfile' function. This makes it possible for attackers to inject a PHP Object through a PH...

8.1CVSS7.5AI score0.00621EPSS
Exploits0References1
NVD
NVD
added 2025/04/26 6:15 a.m.29 views

CVE-2025-2105

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'ravendownloadfile' function. This makes it possible for attackers to inject a PHP Object through a PH...

8.1CVSS0.00621EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 12:3 p.m.10 views

CVE-2024-7781

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a...

9.8CVSS7AI score0.00953EPSS
Exploits0References1
NVD
NVD
added 2025/02/01 6:15 a.m.16 views

CVE-2025-0366

The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the getsvg function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS0.01617EPSS
Exploits0References4
NVD
NVD
added 2025/02/01 6:15 a.m.27 views

CVE-2025-0365

The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server,...

6.5CVSS0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/21 2:4 a.m.9 views

CVE-2023-3813 Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References5
Rows per page
Query Builder