{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:13:51.227","vulnerabilities":[{"cve":{"id":"CVE-2024-7781","sourceIdentifier":"security@wordfence.com","published":"2024-09-26T05:15:12.470","lastModified":"2024-10-02T16:21:03.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8."},{"lang":"es","value":"El complemento Jupiter X Core para WordPress es vulnerable a la omisión de la autenticación en todas las versiones hasta la 4.7.5 incluida. Esto se debe a una autenticación incorrecta a través del widget de inicio de sesión social. Esto permite que atacantes no autenticados inicien sesión como el primer usuario que haya iniciado sesión con una cuenta de red social, incluidas las cuentas de administrador. Los atacantes pueden explotar la vulnerabilidad incluso si el elemento de inicio de sesión social se ha deshabilitado, siempre que se haya habilitado y utilizado previamente. La vulnerabilidad se solucionó parcialmente en la versión 4.7.5 y completamente en la versión 4.7.8."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.7.8","matchCriteriaId":"60704039-8642-47A2-8565-56462D56EEDC"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/3153667/","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}