cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12033,https://securityvulnerability.io/vulnerability/CVE-2024-12033,Unauthorized Access Vulnerability in Jupiter X Core Plugin for WordPress,"The Jupiter X Core plugin for WordPress is susceptible to unauthorized access due to a lack of capability checks in the sync_libraries() function. This vulnerability allows attackers with Subscriber-level privileges and above to sync libraries, potentially compromising site security through unauthorized actions. It affects all versions of the plugin up to and including 4.8.5.",Wordpress,Jupiter X Core,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-07T11:11:11.179Z,0
CVE-2024-12316,https://securityvulnerability.io/vulnerability/CVE-2024-12316,Unauthorized Data Access Vulnerability in Jupiter X Core Plugin by WordPress,"The Jupiter X Core plugin for WordPress has a security flaw allowing unauthenticated users to access sensitive data. This vulnerability is linked to a lack of capability checks in the export_popup_action() function, present in all versions up to 4.8.5. As a result, attackers can exploit this weakness to export popup templates, potentially compromising user data and plugin functionality.",Wordpress,Jupiter X Core,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-07T11:11:10.560Z,0
CVE-2024-7781,https://securityvulnerability.io/vulnerability/CVE-2024-7781,"Authentication bypass vulnerability in Core plugin","The Jupiter X Core plugin for WordPress contains a vulnerability that allows unauthenticated users to bypass authentication through the Social Login widget. This issue affects all versions up to and including 4.7.5, enabling attackers to log in as the first user who previously used a social media account, potentially taking control of administrator accounts. Notably, the exploitation can occur even if the Social Login feature is currently disabled, provided it was enabled and used in the past. The vulnerability was addressed partially in version 4.7.5 and fully resolved in version 4.7.8.",Wordpress,Jupiter X Core,9.8,CRITICAL,0.0006699999794363976,false,,false,false,false,,false,false,2024-09-26T04:29:59.599Z,0
CVE-2024-7772,https://securityvulnerability.io/vulnerability/CVE-2024-7772,Unauthorized File Uploads Vulnerability in X Core plugin for WordPress,"The Jupiter X Core plugin for WordPress is impacted by a vulnerability that allows unauthenticated attackers to upload arbitrary files due to improper file type validation in its 'validate' function. This flaw affects all versions up to and including 4.6.5. Once exploited, it potentially enables remote code execution on the server hosting the affected site, posing significant security risks.",Wordpress,Jupiter X Core,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-09-26T04:29:58.902Z,0
CVE-2023-3813,https://securityvulnerability.io/vulnerability/CVE-2023-3813,Arbitrary File Download Vulnerability in Jupiter X Core Plugin for WordPress,"The Jupiter X Core plugin for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to download arbitrary files from the server. This weakness affects versions up to and including 2.5.0 and occurs when the premium version of the plugin is activated. The exploitation of this vulnerability could lead to the exposure of sensitive information stored on the server, making it critical for users to take timely action to update their plugins and safeguard their data.",Wordpress,Jupiter X Core,7.5,HIGH,0.0006200000061653554,false,,false,false,false,,false,false,2023-07-21T03:15:00.000Z,0