Artbees Jupiter X Core
cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:wordpress:*:*
- <= 4.8.11
A PHP Object Injection vulnerability has been identified in the Jupiter X Core plugin for WordPress, affecting all versions through 4.8.11. The issue arises from the deserialization of untrusted input in the 'file' parameter of the 'raven_download_file' function, which allows attackers to inject PHP objects using PHAR files. The vulnerable software itself has no known Property-Oriented Programming (POP) chain, but the vulnerability could be exploited if another plugin or theme that contains a POP chain is installed. In such cases, it might enable an attacker to delete arbitrary files, access sensitive data, or execute code, depending on the specific POP chain available. Unauthenticated attackers can exploit the vulnerability when a file download form is active on the site and file uploads are permitted. Otherwise, it could be exploited by users with Contributor-level access or higher, as they could create the necessary form to facilitate the attack.
Exploitation of this vulnerability results in PHP Object Injection: attacker-supplied objects are injected into the application, and they can be abused if a suitable POP chain is available through another plugin or theme.
Users are advised to update the Jupiter X Core plugin to version 4.8.12 or a newer patched version.
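The handling that closes this class of bug can be sketched as follows. This is an added example, not code from Jupiter X Core or its patch: it rejects stream-wrapper values such as `phar://` before any filesystem function sees them and confines the result to one directory. The function name, the base-directory model and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not Jupiter X Core code. Returns the canonical path of
 * $file inside $baseDir, or null when the request-supplied value is rejected.
 */
function example_resolve_download_path(string $file, string $baseDir): ?string
{
    // Empty values and NUL bytes are never valid file names.
    if ($file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    // Refuse every stream wrapper ("phar://", "php://", "zip://", ...) so the
    // value can never reach a filesystem function as a wrapper URL.
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*://#i', $file) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks and fails for missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . ltrim($file, '/\\'));
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Confine the result to the download directory (assumed layout).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temp directory stands in for the download directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.pdf', 'demo');

$inputs = ['report.pdf', 'phar://uploads/avatar.jpg/x', 'PHAR://uploads/a.jpg', '../../wp-config.php'];
foreach ($inputs as $input) {
    $result = example_resolve_download_path($input, $base);
    printf("%-30s => %s\n", $input, $result === null ? 'rejected' : 'allowed');
}

unlink($base . DIRECTORY_SEPARATOR . 'report.pdf');
rmdir($base);
```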