WordPress Plugin Vulnerabilities

Jupiter X Core < 4.8.6 - Missing Authorization to Unauthenticated Popup Template Export

Description

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.

Affects Plugins

Plugin icon
jupiterx-core
Fixed in 4.8.6

References

CVE
CVE-2024-12316
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5db195c1-8917-4465-a5ca-21089afb0bc7

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Tieu Pham Trong Nhan
Verified
No
WPVDB ID
273d47f3-972a-437c-ba57-5833e28bb5e1

Timeline

Publicly Published
2025-01-06 (about 1 year ago)
Added
2025-01-06 (about 1 year ago)
Last Updated
2025-01-07 (about 1 year ago)

Other

Published
Title
Published
2026-06-15
Title
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More < 1.12.6 - Missing Authorization
Published
2024-08-16
Title
WOOCS – WooCommerce Currency Switcher < 1.4.2.1 - Missing Authorization
Published
2023-10-04
Title
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization
Published
2026-01-06
Title
YayMail – WooCommerce Email Customizer < 4.3.3 - Missing Authorization
Published
2024-11-12
Title
Kognetiks Chatbot for WordPress < 2.1.8 - Missing Authorization to Authenticated (Subscriber+) Assistant Update