CVE-2024-7772
📋 TL;DR
The Jupiter X Core WordPress plugin has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files due to improper file type validation. This can lead to remote code execution on affected WordPress sites. All WordPress sites using Jupiter X Core version 4.6.5 or earlier are vulnerable.
💻 Affected Systems
- Jupiter X Core WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via remote code execution, allowing attackers to install malware, steal data, deface websites, or use the server for further attacks.
Likely Case
Attackers upload web shells to gain persistent access, deface websites, or install cryptocurrency miners.
If Mitigated
File uploads blocked or properly validated, limiting impact to denial of service if upload attempts flood the server.
🎯 Exploit Status
Exploit requires no authentication and minimal technical skill. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.6.6
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3139412/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Jupiter X Core and click 'Update Now'.
4. Verify the version is 4.6.6 or higher.
🔧 Temporary Workarounds
Disable Jupiter X Core Plugin
Temporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate jupiterx-core
Restrict File Uploads via .htaccess
Block PHP file uploads to the uploads directory.
Add to .htaccess in wp-content/uploads:
<Files "*.php">
    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
    deny from all
</Files>
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file upload attempts to Jupiter X Core endpoints.
- Restrict file permissions on wp-content/uploads directory to prevent execution of uploaded files.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Jupiter X Core version. If version is 4.6.5 or lower, you are vulnerable.
Check Version:
wp plugin get jupiterx-core --field=version
Verify Fix Applied:
After updating, confirm Jupiter X Core version is 4.6.6 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=jupiterx_form_upload
- File uploads with unusual extensions in wp-content/uploads
- 404 errors for uploaded PHP files in uploads directory
Network Indicators:
- Unusual outbound connections from WordPress server post-file upload
- HTTP requests to known web shell paths
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="jupiterx_form_upload"
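The log indicators and SIEM query above, turned into a small detection script as an added example (this is not part of the advisory). It assumes combined-format web server access logs in which the admin-ajax.php action parameter is visible in the query string; the sample log lines are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=jupiterx_form_upload HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [10/Aug/2024:12:00:03 +0000] "GET /wp-content/uploads/2024/08/form-upload.php HTTP/1.1" 200 128 "-" "python-requests/2.31"
198.51.100.7 - - [10/Aug/2024:12:01:00 +0000] "GET /wp-content/uploads/2024/08/hero.jpg HTTP/1.1" 200 90321 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2024:12:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 45 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Aug/2024:12:02:00 +0000] "GET /wp-content/uploads/shell.php HTTP/1.1" 404 0 "-" "curl/8.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD URI PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
UPLOAD_ACTION = "jupiterx_form_upload"   # action named in the advisory's log indicators
UPLOADS_PHP = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def classify(line):
    """Label one log line, or return None when it matches no indicator."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m["uri"])
    action = parse_qs(parsed.query).get("action", [])
    if (m["method"] == "POST" and parsed.path == "/wp-admin/admin-ajax.php"
            and UPLOAD_ACTION in action):
        return "upload-endpoint-hit"
    if parsed.path.startswith("/wp-content/uploads/") and UPLOADS_PHP.search(parsed.path):
        # A 200 means PHP was served from uploads; a 404 is someone probing for a shell.
        return "php-served-from-uploads" if m["status"] == "200" else "php-probe-in-uploads"
    return None


def scan(log_text):
    """Group indicator labels per client IP across the whole log."""
    findings = {}
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            ip = LOG_RE.match(line)["ip"]
            findings.setdefault(ip, []).append(label)
    return findings


def likely_exploited(findings):
    """IPs that hit the upload endpoint and later had PHP served from uploads."""
    return sorted(ip for ip, labels in findings.items()
                  if "upload-endpoint-hit" in labels and "php-served-from-uploads" in labels)
```

A single upload-endpoint hit may be legitimate form traffic; the correlation in likely_exploited is the signal worth paging on.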