CVE-2022-1654

Description

Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions

Related CPE's

a artbees jupiterx *****wordpress **

a artbees jupiter *****wordpress **

References

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	9
VectorString	AV:N/AC:L/Au:S/C:C/I:C/A:C
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE

Created by Yello

About Severity.io