CVE-2025-0365: Path Traversal
First published: Sat Feb 01 2025(Updated: )
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artbees Jupiter X Core | <=4.8.7 | |
| Jupiter X Core | <4.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0365?
CVE-2025-0365 has been classified as a high severity vulnerability due to its impact on file access within the server.
How do I fix CVE-2025-0365?
To mitigate CVE-2025-0365, you should update the Jupiter X Core plugin to version 4.8.8 or later.
Who is affected by CVE-2025-0365?
CVE-2025-0365 affects users of the Jupiter X Core plugin for WordPress who are using versions up to and including 4.8.7.
What type of attack does CVE-2025-0365 enable?
CVE-2025-0365 allows authenticated attackers with Contributor-level access and above to perform directory traversal attacks.
What is the main feature exploited in CVE-2025-0365?
The vulnerability in CVE-2025-0365 is exploited through the inline SVG feature of the Jupiter X Core plugin.
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/source
- agent/references
- agent/author
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- vendor/jupiter
- canonical/artbees jupiter x core
- vendor/artbees
- canonical/jupiter x core