Themes Vulnerabilities

Jupiter < 6.10.2 - Subscriber+ Arbitrary Plugin Deletion

Description

Any authenticated user, such as subscriber, can delete arbitrary plugins via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file.

Affects Themes

jupiter
Fixed in 6.10.2

References

CVE
CVE-2022-1658
URL
https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Ramuel Gall
Verified
Yes
WPVDB ID
a1907efe-60db-45f1-a4de-dfb3a95a72f4

Timeline

Publicly Published
2022-05-18 (about 3 years ago)
Added
2022-05-18 (about 3 years ago)
Last Updated
2022-05-19 (about 3 years ago)

Other

Published
Title
Published
2024-02-19
Title
WPify Woo Czech < 4.0.9 - Missing Authorization
Published
2023-10-24
Title
Draw Attention < 2.0.16 - Improper Access Control via register_cpt
Published
2023-12-27
Title
Rencontre – Dating Site < 3.11 - Privilege Escalation
Published
2021-11-01
Title
Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure
Published
2024-06-14
Title
AIomatic - Automatic AI Content Writer < 2.0.6 - Unauthenticated Arbitrary Email Sending