CVE-2022-1654

8.8 HIGH

📋 TL;DR

This vulnerability allows any authenticated user, even one with a low-privilege role such as subscriber or customer, to escalate to administrator via the 'abb_uninstall_template' (Jupiter Theme) and 'jupiterx_core_cp_uninstall_template' (JupiterX Core Plugin) AJAX actions, which are reachable through admin-ajax.php without an adequate capability check. It affects WordPress sites running these products. A successful attacker gains full control of the affected WordPress installation.

💻 Affected Systems

Products:
  • Jupiter Theme
  • JupiterX Core Plugin
Versions: Jupiter Theme <= 6.10.1, JupiterX Core Plugin <= 2.0.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with these themes/plugins enabled. Requires at least one authenticated user account (even subscriber/customer level).

📦 What is this software?

Jupiter is a multipurpose WordPress theme by Artbees, distributed through ThemeForest; JupiterX Core is the companion plugin that supplies the core functionality of the newer JupiterX theme. Both register their own AJAX handlers on admin-ajax.php, which is where the vulnerable actions live.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover: attacker gains administrator access, can install malware, deface site, steal data, or use site for further attacks.

🟠

Likely Case

Privilege escalation leading to unauthorized administrative access, potentially resulting in site modification, plugin/themes installation, or data exfiltration.

🟢

If Mitigated

Limited impact only if no untrusted accounts exist (including self-registered or checkout-created ones), the vulnerable AJAX actions are blocked, and role changes are monitored. Otherwise a single low-privilege account is enough.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and any authenticated user can exploit this vulnerability.
🏢 Internal Only: MEDIUM - Lower risk if only internal users have accounts, but still significant if any internal user can escalate to admin.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward via AJAX endpoints. Public details and proof-of-concept are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jupiter Theme 6.10.2+, JupiterX Core Plugin 2.0.8+

Vendor Advisory: https://themeforest.net/item/jupiter-multipurpose-responsive-theme/5177775

Restart Required: No

Instructions:

1. Update Jupiter Theme to version 6.10.2 or higher via the WordPress admin panel (Appearance > Themes). Jupiter is distributed through ThemeForest rather than WordPress.org, so if the dashboard shows no update, download the release from the vendor and upload it manually.
2. Update JupiterX Core Plugin to version 2.0.8 or higher via the WordPress admin panel (Plugins).
3. Verify the installed versions (see How to Verify below) and, if you deployed a temporary workaround, remove it.

🔧 Temporary Workarounds

Disable vulnerable AJAX actions

all

Remove or restrict access to the vulnerable AJAX actions 'abb_uninstall_template' (Jupiter Theme) and 'jupiterx_core_cp_uninstall_template' (JupiterX Core Plugin).

Add to a must-use plugin or the child theme's functions.php: remove_action('wp_ajax_abb_uninstall_template', 'callback'); remove_action('wp_ajax_jupiterx_core_cp_uninstall_template', 'callback');

Here 'callback' is a placeholder. remove_action() only unhooks a handler when its second argument matches exactly what the theme registered (for a class method, the same array of object and method name), and it must run after the theme has added the hook, for example from an 'init' or 'wp_loaded' callback. If the exact callback is not known, hooking your own handler on the same actions at a lower priority and terminating the request there is more robust. Confirm the workaround from a low-privilege test account before relying on it.
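A must-use plugin that implements this workaround, as an added example (it is not code from Jupiter, JupiterX Core or the page's original author). It hooks both vulnerable action names at priority 0, so it runs before the theme's own handler whatever callback the theme registered, logs the attempt, and ends the request with HTTP 403. The two action names come from the advisory; the file name, function names and log format are this example's own choices.

```php
<?php
/**
 * Plugin Name: CVE-2022-1654 emergency block
 * Description: Stops the Jupiter / JupiterX Core template-uninstall AJAX actions
 *              before the theme's handler runs. Temporary: remove once patched.
 *
 * Added example, not part of the Jupiter or JupiterX Core code base.
 * Install as wp-content/mu-plugins/cve-2022-1654-block.php (file name, function
 * names and log format are this example's own choices).
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Direct access outside WordPress.
}

/**
 * Log the attempt and end the request with HTTP 403.
 *
 * Registered at priority 0, so it runs before the theme's callback, which
 * WordPress code registers at the default priority 10 unless it chooses
 * otherwise. wp_send_json_error() calls die(), so the theme's callback is
 * never reached, whatever function or object method it was registered with.
 */
function cve_2022_1654_block() {
    $user   = wp_get_current_user();
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown';

    // One line per attempt in the PHP error log (wp-content/debug.log when WP_DEBUG_LOG is set).
    // user_id=0 means the request was anonymous.
    error_log( sprintf(
        'CVE-2022-1654 blocked: action=%s user_id=%d user_login=%s roles=%s ip=%s',
        $action,
        $user->ID,
        $user->user_login ? $user->user_login : '-',
        $user->roles ? implode( ',', $user->roles ) : '-',
        $ip
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// The two action names from the advisory. Both the logged-in (wp_ajax_) and the
// anonymous (wp_ajax_nopriv_) hooks are covered so unauthenticated probes are logged too.
$cve_2022_1654_actions = array(
    'abb_uninstall_template',              // Jupiter Theme
    'jupiterx_core_cp_uninstall_template', // JupiterX Core Plugin
);

foreach ( $cve_2022_1654_actions as $cve_action ) {
    add_action( 'wp_ajax_' . $cve_action, 'cve_2022_1654_block', 0 );
    add_action( 'wp_ajax_nopriv_' . $cve_action, 'cve_2022_1654_block', 0 );
}
```

Because it writes the action name to the PHP error log, every blocked attempt also produces a line that the Detection & Monitoring search below will match. Test it by sending a POST to /wp-admin/admin-ajax.php with action=abb_uninstall_template from a subscriber account: the response should be a 403 JSON error and the log line should appear. Delete the file once 6.10.2 / 2.0.8 are installed.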

Restrict user registration

all

Temporarily disable new user registration to prevent new low-privilege accounts from being created. This does not stop other account-creation paths (for example WooCommerce checkout creating customer accounts, or membership plugins), and it does nothing about accounts that already exist.

In WordPress admin: Settings > General > uncheck 'Anyone can register'

🧯 If You Can't Patch

  • Implement strict access controls: audit the existing user list and remove or disable every account that is not needed, since any single low-privilege account is sufficient to exploit this.
  • Monitor for suspicious activity: watch for requests using the vulnerable AJAX actions and for user role changes, especially new administrator accounts you did not create.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel: Appearance > Themes for Jupiter version, and Plugins for JupiterX Core version. If Jupiter <= 6.10.1 or JupiterX Core <= 2.0.7, you are vulnerable.

Check Version:

WordPress CLI: wp theme list --fields=name,version | grep -i jupiter; wp plugin list --fields=name,version | grep -i jupiterx-core

(--fields, plural, selects several columns; --field takes a single one. If a child theme is active, check the parent Jupiter theme's version, not the child's.)

Verify Fix Applied:

Confirm Jupiter Theme version is 6.10.2+ and JupiterX Core Plugin version is 2.0.8+ in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • AJAX requests carrying action=abb_uninstall_template or action=jupiterx_core_cp_uninstall_template. These template-reset actions are not triggered by normal site use, so any occurrence, especially from a subscriber or customer account, warrants investigation.
  • Sudden user role changes from subscriber/customer to administrator, and any administrator account you did not create.

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with an action parameter matching one of the vulnerable actions. The parameter is normally sent in the POST body, so it only appears in standard web server access logs when the client put it in the query string; reliable detection needs request-body visibility (WAF or reverse proxy with body logging) or logging inside WordPress.

SIEM Query:

source="wordpress.log" AND ("abb_uninstall_template" OR "jupiterx_core_cp_uninstall_template")

This assumes a log source in which the action name is recorded (a WordPress/PHP error log, WAF or security-plugin log); adjust the source name to your environment. Any hit should be treated as a likely true positive, since legitimate use of these actions is confined to an administrator resetting the theme's templates.

🔗 References
