CVE-2024-7772: Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload
First published: Thu Sep 26 2024(Updated: )
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jupiter X Core | <4.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7772?
CVE-2024-7772 is classified as a high-severity vulnerability due to its potential for unauthorized file uploads.
How do I fix CVE-2024-7772?
To fix CVE-2024-7772, update the Jupiter X Core plugin to version 4.6.6 or later.
Who is affected by CVE-2024-7772?
CVE-2024-7772 affects all versions of the Jupiter X Core plugin for WordPress up to and including 4.6.5.
What type of attack can exploit CVE-2024-7772?
CVE-2024-7772 can be exploited by unauthenticated attackers to upload arbitrary files, potentially leading to further compromise.
Is authentication required to exploit CVE-2024-7772?
No, CVE-2024-7772 can be exploited without authentication, making it particularly dangerous.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/artbees
- canonical/jupiter x core