[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAAKUmVldokRddiIk8a4_TRlgyl-TBD7rSbqKdE0bysw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-38389","jupiterx-core-unauthenticated-privilege-escalation","JupiterX Core \u003C= 3.3.8 - Unauthenticated Privilege Escalation","The JupiterX Core plugin for WordPress is vulnerable to privilege escalation due to insufficient validation in versions up to, and including, 3.3.8 due to insufficient controls on the facebook_log_user_in() function. This makes it possible for unauthenticated attackers to stage a site takeover. Please note that this affects both the free and premium version of the plugin.","jupiterx-core",null,"\u003C=3.3.8","3.4.3","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Authentication Bypass Using an Alternate Path or Channel","2023-08-22 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb894473b-b2ed-475b-892e-603db609f88a?source=api-prod",154]