Artbees Jupiter X Core
13 CVEs affecting Artbees Jupiter X Core. Latest disclosed: 2026-03-23. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-7772 | Critical | 9.8 | 2024-09-26 | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all vers… |
CVE-2026-3533 | High | 8.8 | 2026-03-23 | The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insu… |
CVE-2025-0366 | High | 8.8 | 2025-02-01 | The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_… |
CVE-2022-1654 | High | 8.8 | 2022-06-13 | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administ… |
CVE-2025-2105 | High | 8.1 | 2025-04-26 | The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted inp… |
CVE-2024-7781 | High | 8.1 | 2024-09-26 | The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authenticat… |
CVE-2023-3813 | High | 7.5 | 2023-07-21 | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthent… |
CVE-2025-0365 | Medium | 6.5 | 2025-02-01 | The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes… |
CVE-2025-3888 | Medium | 6.4 | 2025-05-17 | The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to… |
CVE-2022-1659 | Medium | 5.4 | 2022-06-13 | Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the i… |
CVE-2022-1656 | Medium | 5.4 | 2022-06-13 | Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in li… |
CVE-2024-12316 | Medium | 5.3 | 2025-01-07 | The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in… |
CVE-2024-12033 | Medium | 4.3 | 2025-01-07 | The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions… |