CVE-2022-1659

JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service

mediumImproper Access Control

6.3

CVSS Score

6.3

CVSS Score

medium

Severity

2.0.7

Patched in

615d

Time to patch

Description

Vulnerable versions of the JupiterX Core plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Low

Confidentiality

Low

Integrity

Low

Availability

Technical Details

Affected versions<=2.0.6

PublishedMay 18, 2022

Last updatedJanuary 22, 2024

Affected pluginjupiterx-core

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/e92ce899-556f-4a17-8902-1919d485ee15?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database