
Critical Escalation Flaw Fixed By Jupiter In WordPress

A critical vulnerability in the Jupiter WordPress theme, which has over 90,000 active installations, allows for the takeover of target websites through privilege escalation.

Privilege Escalation

The privilege escalation problem, which has a CVSS score of 9.9, requires attackers to be authenticated, but only as a subscriber or customer. This provides minimal protection against potential attacks for websites that allow users to self-register.

According to a blog post published on Wednesday (May 18) by Wordfence, the bug, along with another high severity vulnerability and a trio of medium severity vulnerabilities, has been patched by the theme’s creator, ArtBees.

Vulnerabilities

‘Plugin Vulnerabilities’ claimed to have seen proof that hackers were already looking for weak installations and that some websites had likely already been compromised in a blog post published on

The uninstallTemplate function has the privilege escalation flaw (CVE-2022-1654), which affects the Jupiter theme and JupiterX Core plugin.

Any logged-in user can elevate their capabilities to those of an administrator by sending an AJAX call with the action parameter set to abb_uninstall_template, revealed Wordfence researcher Ram Gall, who discovered the issues.

This invokes the uninstallTemplate function, which in turn invokes the resetWordPressDatabase function, effectively reinstalling the site with the currently logged-in user as the new site owner.

The same capability may also be obtained by submitting an AJAX call with the action parameter set to jupiterx_core_cp_uninstall_template, according to the documentation.

The high severity problem (CVSS score 8.1) is an authenticated path traversal and local file inclusion issue. An attacker could gain privileged information, such as nonce values, or conduct limited activities by including and executing files from any location on the site.

Escalation Identified

The path traversal and local file inclusion vulnerability, identified as CVE-2022-1657, affects the JupiterX and Jupiter themes.

In the medium severity category, a pair of insufficient access control flaws lead to authenticated arbitrary plugin deactivation. One of them additionally leads to settings changes (CVE-2022-1656), and the other is tracked as CVE-2022-1658. The third medium severity problem involves information exposure and manipulation, as well as a DoS attack (CVE-2022-1659).

On April 5, 2022, Wordfence notified ArtBees of all but one of the weaknesses, and on April 28, partially patched versions were released.

On May 3, ArtBees was notified of the final vulnerability, and on May 10, they issued fully patched versions.

Jupiter Theme version 6.10.2, JupiterX theme version 2.0.7, and JupiterX Core version 2.0.8 all fix the issues.
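
A triage sketch for site owners, added here as an example and not taken from Wordfence or ArtBees: it flags components below the fixed versions listed above and scans access-log lines for the two AJAX action names mentioned in the article. The dictionary keys, the log format (combined log format) and the sample data are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Fixed versions as stated in the article (keys are labels chosen for this example).
FIXED = {"jupiter": (6, 10, 2), "jupiterx": (2, 0, 7), "jupiterx-core": (2, 0, 8)}
# AJAX action names named in the article.
ACTIONS = {"abb_uninstall_template", "jupiterx_core_cp_uninstall_template"}
# Client IP, request target and status from a combined-log-format line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def parse_version(text):
    """Turn '6.10.1' into (6, 10, 1); missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def unpatched(installed):
    """Return the components whose installed version is below the fixed one."""
    return sorted(name for name, ver in installed.items()
                  if name in FIXED and parse_version(ver) < FIXED[name])

def flag_requests(lines):
    """Return (client_ip, action, status) for admin-ajax.php hits using a listed action."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        for action in parse_qs(url.query).get("action", []):
            if action in ACTIONS:
                hits.append((ip, action, int(status)))
    return hits

# Constructed sample data (documentation IP ranges, invented timestamps).
SAMPLE_INSTALLED = {"jupiter": "6.10.1", "jupiterx": "2.0.7", "jupiterx-core": "2.0.6"}
SAMPLE_LOG = [
    '203.0.113.7 - - [19/May/2022:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=abb_uninstall_template HTTP/1.1" 200 12',
    '198.51.100.4 - - [19/May/2022:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '203.0.113.7 - - [19/May/2022:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    print("Below fixed version:", unpatched(SAMPLE_INSTALLED))
    print("Flagged requests:", flag_requests(SAMPLE_LOG))
```

Standard access logs do not record POST bodies, so an action sent in the request body only shows up in WAF or request-body logging; this scan covers the query-string case.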

Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.