Vulnerability Description
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. NOTE: This vulnerability was partially patched in version 4.6.5 and fully patched in version 4.6.9.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artbees | Jupiter X Core | <= 2.5.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/jupiterx-core/tags/4.6.9/includes/ext
- https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensioExploit
- https://plugins.trac.wordpress.org/changeset/3138013/jupiterx-core/trunk/include
- https://plugins.trac.wordpress.org/changeset/3142669/jupiterx-core/trunk/include
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d8Third Party Advisory
- https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensioExploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d8Third Party Advisory
FAQ
What is CVE-2023-3813?
CVE-2023-3813 is a vulnerability with a CVSS score of 7.5 (HIGH). The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents...
How severe is CVE-2023-3813?
CVE-2023-3813 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3813?
Check the references section above for vendor advisories and patch information. Affected products include: Artbees Jupiter X Core.