CVE-2022-1654: Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
First published: Mon Jun 13 2022(Updated: )
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artbees Jupiter X Core | <=6.10.1 | |
| Artbees Jupiter X Core | <=2.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Jupiter Theme CVE-2022-1654?
Jupiter Theme CVE-2022-1654 allows any authenticated attacker, including subscriber or customer-level ones, to gain administrative privileges via specific AJAX actions.
How severe is CVE-2022-1654 vulnerability in Jupiter Theme?
CVE-2022-1654 has a severity rating of 8.8, considered critical.
What actions can an attacker perform with CVE-2022-1654 in JupiterX Core Plugin?
An attacker can gain administrative privileges using the "jupiterx_core_cp_uninstall_template" AJAX action in the JupiterX Core Plugin.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/artbees
- canonical/artbees jupiter x core
- version/artbees jupiter x core/6.10.1
- version/artbees jupiter x core/2.0.7