WordPress Plugin Vulnerabilities

Jupiter X Core < 4.6.6 - Unauthenticated Arbitrary File Upload

Description

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
jupiterx-core
Fixed in 4.6.6

References

CVE
CVE-2024-7772
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38

Miscellaneous

Original Researcher
Geo Void
Verified
No
WPVDB ID
423c7f9e-748a-40b0-962d-1d1774283208

Timeline

Publicly Published
2024-08-23 (about 1 year ago)
Added
2024-09-25 (about 1 year ago)
Last Updated
2024-09-26 (about 1 year ago)

Other

Published
Title
Published
2024-06-28
Title
Newspack Blocks < 3.0.9 - Authenticated (Contributor+) Arbitrary File Upload
Published
2026-04-16
Title
Academy LMS Pro < 3.5.2 - Authenticated (Custom+) Arbitrary File Upload
Published
2024-12-11
Title
Video & Photo Gallery for Ultimate Member < 1.1.1 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2025-01-27
Title
ThemeREX Addons < 2.34.0 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
Published
2024-04-05
Title
WP Photo Album Plus < 8.6.03.005 - Authenticated (Subscriber+) Arbitrary File Upload