Jupiter X Core Missing Authorization Vulnerability in Popup Template Export

Vulnerability

A vulnerability exists in the Jupiter X Core plugin for WordPress, allowing unauthorized access to popup template data. This issue arises from a lack of proper capability checks in the export_popup_action() function, affecting all versions up to and including 4.8.5. As a result, unauthenticated attackers can export popup templates without authorization.

Impact

Exploitation of this vulnerability allows for unauthorized export of popup templates, potentially leading to misuse of the exported data or disruption of the site's functionality.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'action' parameter set to 'jupiterx_export_popup', along with the 'template_id' of the popup to be exported. Include a nonce value with the request. A WordPress nonce only protects against forged requests; it does not establish who the caller is or what they are allowed to do. Because export_popup_action() performs no capability check, the action can be performed by unauthenticated users.

Remediation

Users are advised to update the Jupiter X Core plugin to version 4.8.6 or a later patched version.
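For reviewing past activity, the following added example (not code from the plugin or from this advisory's author) scans web server access logs for the request described under Reproduction and lists which template IDs were served to which clients. It assumes Combined Log Format and that the 'action' parameter appears in the query string; the request paths and log lines are constructed, and requests that carry the parameter in a POST body will not appear in such logs.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

ACTION = "jupiterx_export_popup"  # action name given in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, assumed paths), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jun/2025:19:50:01 +0000] "GET /wp-admin/admin-ajax.php?action=jupiterx_export_popup&template_id=42 HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [09/Jun/2025:19:50:03 +0000] "GET /wp-admin/admin-ajax.php?template_id=43&action=jupiterx%5Fexport%5Fpopup HTTP/1.1" 200 4096 "-" "curl/8.0"
198.51.100.9 - - [09/Jun/2025:19:51:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Jun/2025:08:02:44 +0000] "GET /wp-admin/admin-ajax.php?action=jupiterx_export_popup&template_id=42 HTTP/1.1" 403 12 "-" "curl/8.0"
this line is not a log entry
"""

def find_export_requests(log_text):
    """Return one dict per request whose 'action' query parameter equals ACTION."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        # parse_qs decodes %-escapes, so encoded spellings of the action still match
        query = parse_qs(urlsplit(m["target"]).query)
        if ACTION not in query.get("action", []):
            continue
        hits.append({
            "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            "template_id": query.get("template_id", ["<missing>"])[0],
        })
    return hits

def summarize(hits):
    """Map each client IP to the template IDs it requested and got a 2xx response for."""
    served = defaultdict(set)
    for h in hits:
        if 200 <= h["status"] < 300:
            served[h["ip"]].add(h["template_id"])
    return {ip: sorted(ids) for ip, ids in served.items()}

if __name__ == "__main__":
    for ip, ids in summarize(find_export_requests(SAMPLE_LOG)).items():
        print(f"{ip} exported template_id(s): {', '.join(ids)}")
```

Access logs do not record whether the requester was logged in, so each hit still needs to be compared against known administrator activity.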

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.