WordPress Plugin Vulnerabilities

Jupiter X Core Premium < 3.3.8 - Unauthenticated Arbitrary File Upload

Description

The plugin does not validate files to be uploaded via the raven_form_frontend AJAX action available to unauthenticated users, allowing them to upload arbitrary files on the server

Affects Plugins

Plugin icon
jupiterx-core
Fixed in 3.3.8

References

CVE
CVE-2023-38388
URL
https://patchstack.com/articles/critical-vulnerabilities-patched-in-jupiter-x-core-plugin/

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
Yes
WPVDB ID
d64c1e60-2f75-4651-aac6-0adbf3aa9564

Timeline

Publicly Published
2023-08-22 (about 2 years ago)
Added
2023-08-24 (about 2 years ago)
Last Updated
2023-08-24 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) < 4.9.56 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'
Published
2024-10-17
Title
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload
Published
2020-10-21
Title
Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload
Published
2025-12-11
Title
Infility Global < 2.14.43 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2014-08-01
Title
Ajax Multi Upload 1.1 - Shell Upload