CVE-2024-7772

CRITICAL

9.8CVSS v3

—CVSS v2

8.65% EPSS (exploit probability)

CWE-434CWE

Description

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected routers (1)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch?
Ubiquiti	Ubiquiti EdgeRouter X	`—`	—	—	No

External references

NIST NVD
MITRE CVE