Unrated severityNVD Advisory· Published Jun 13, 2022· Updated Jan 31, 2025
JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service
CVE-2022-1659
Description
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.
Affected products
2- Range: 2.0.6
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.