Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
Vulnerability Description
Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Jupiter Theme 访问控制错误漏洞
Vulnerability Description
WordPress等都是(WordPress)基金会的产品。WordPress是一套使用PHP语言开发的博客平台。WordPress theme是WordPress的一款主题。JupiterX Core等都是的产品。JupiterX Core是一款Wordpress高级视图插件。 Jupiter Theme 6.10.1 版本及之前版本存在访问控制错误漏洞,该漏洞源于通过在 framework/admin/control-panel/logic/plugin-management.php 文件中注册的 a
CVSS Information
N/A
Vulnerability Type
N/A