CVE-2024-7772

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*

History

02 Oct 2024, 16:10

Type Values Removed Values Added
First Time Artbees
Artbees jupiter X Core
CPE cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php - () https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/ajax-handler.php - Product
References () https://plugins.trac.wordpress.org/changeset/3139412/ - () https://plugins.trac.wordpress.org/changeset/3139412/ - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve - Third Party Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento Jupiter X Core para WordPress es vulnerable a la carga de archivos arbitrarios debido a una validación de tipo de archivo mal gestionada en la función "validar" en todas las versiones hasta la 4.6.5 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código.

26 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 05:15

Updated : 2024-10-02 16:10


NVD link : CVE-2024-7772

Mitre link : CVE-2024-7772

CVE.ORG link : CVE-2024-7772


JSON object : View

Products Affected

artbees

  • jupiter_x_core
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type