🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Jupiter X Core

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Jupiter X Core

Information

Software Type	Plugin
Software Slug	jupiterx-core (view on wordpress.org)
Software Status	Removed
Software Author	artbees/
Software Website	jupiterx.com
Software Downloads	139,931
Software Active Installs	90,000
Software Record Last Updated	April 16, 2024

9 Vulnerabilities

JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-38388

Aug 22, 2023

Researcher: Rafie Muhammad

JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation

9.8

CVE-2023-38389

Aug 22, 2023

Researcher: Rafie Muhammad

JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization

4.3

CVE-2023-38394

Aug 13, 2023

Researcher: Rafie Muhammad

JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization

8.3

CVE-2023-38385

Aug 13, 2023

Researcher: Rafie Muhammad

Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download

7.5

CVE-2023-3813

Jul 20, 2023

Researcher: István Márton

Jupiter X Core <= 2.0.9 - Missing Authorization Checks

7.6

CVE ID Unknown

Aug 8, 2022

Researchers:

JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification

6.5

CVE-2022-1656

May 18, 2022

Researcher: Ram

Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation

9.9

CVE-2022-1654

May 18, 2022

Researcher: Ram

JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service

6.3

CVE-2022-1659

May 18, 2022

Researcher: Ram

Title	CVE ID	CVSS	Researchers	Date
JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload	CVE-2023-38388	9.8	Rafie Muhammad	August 22, 2023
JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation	CVE-2023-38389	9.8	Rafie Muhammad	August 22, 2023
JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization	CVE-2023-38394	4.3	Rafie Muhammad	August 13, 2023
JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization	CVE-2023-38385	8.3	Rafie Muhammad	August 13, 2023
Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download	CVE-2023-3813	7.5	István Márton	July 20, 2023
Jupiter X Core <= 2.0.9 - Missing Authorization Checks		7.6		August 8, 2022
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification	CVE-2022-1656	6.5	Ram	May 18, 2022
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation	CVE-2022-1654	9.9	Ram	May 18, 2022
JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service	CVE-2022-1659	6.3	Ram	May 18, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation