CVE-2025-0365

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0365
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*
History

24 Feb 2025, 15:56

Type Values Removed Values Added
CPE cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*
First Time Artbees
Artbees jupiter X Core
Summary
  • (es) El complemento Jupiter X Core para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 4.8.7 y incluida a través de la función SVG en línea. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.
References () https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php - () https://plugins.trac.wordpress.org/changeset/3231122/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve - Third Party Advisory

01 Feb 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-01 06:15

Updated : 2025-02-24 15:56

NVD link : CVE-2025-0365

Mitre link : CVE-2025-0365

CVE.ORG link : CVE-2025-0365

JSON object : View

Products Affected

artbees

  • jupiter_x_core
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')