CVE-2024-7781

CVSS V2 None CVSS V3 None

Description

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.

Overview

CVE ID
CVE-2024-7781

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-09-26T04:29:59.599Z

Last Modified Date
2024-09-26T04:29:59.599Z

Weakness Enumerations

CWE	URL
CWE-288	http://cwe.mitre.org/data/definitions/288.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve
https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php
https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php
https://plugins.trac.wordpress.org/changeset/3153667/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7781
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7781

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 12:13:10				Added to TrackCVE