Artbees Jupiter X vulnerabilities
2 known vulnerabilities affecting artbees/jupiter_x.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2022-1657 | P3 | HIGH | CVSS 8.8 | CWE-22 | ≥ 2.0.6, ≤ 2.0.6 | 2022-06-13
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane funct
nvd
CVE-2022-1656 | P4 | MEDIUM | CVSS 5.4 | CWE-284 | ≥ 2.0.6, ≤ 2.0.6 | 2022-06-13
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well
nvd