Plugin Vulnerability Hub
Plugin 21 known issues Latest disclosed Mar 23, 2026

Jupiter X Core Vulnerabilities

Review known vulnerability records for the WordPress plugin Jupiter X Core (`jupiterx-core`), including severity, CVE references, affected versions, and patch status.

Known Records: 21
High or Critical: 12
Linked CVEs: 20
Last Updated: Mar 23, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Jupiter X Core so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility: 21 records include a published patch path.
Severity Mix: 4 critical and 8 high severity findings.
Reference Workflow: Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.

Known Vulnerabilities

Reports for Jupiter X Core

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-3533
JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it...

Published: Mar 23, 2026
Patched Release: 4.14.2
Affected Versions: Versions up to 4.14.1
Next Step: Update to 4.14.2 or newer if supported.

Plugin High Patched: Yes CVE-2025-50004
JupiterX Core <= 4.10.1 - Authenticated (Contributor+) PHP Object Injection

The JupiterX Core plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.10.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with cont...

Published: Jan 12, 2026
Patched Release: 4.11.0
Affected Versions: Versions up to 4.10.1
Next Step: Update to 4.11.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-58264
JupiterX Core <= 4.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The JupiterX Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published: Sep 22, 2025
Patched Release: 4.11.1
Affected Versions: Versions up to 4.11.0
Next Step: Update to 4.11.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-3888
Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG

The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributo...

Published: May 16, 2025
Patched Release: 4.9.1
Affected Versions: Versions up to 4.8.12
Next Step: Update to 4.9.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-47475
JupiterX Core <= 4.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The JupiterX Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.8.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published: May 07, 2025
Patched Release: 4.8.12
Affected Versions: Versions up to 4.8.11
Next Step: Update to 4.8.12 or newer if supported.

Plugin High Patched: Yes CVE-2025-2105
Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP...

Published: Apr 25, 2025
Patched Release: 4.8.12
Affected Versions: Versions up to 4.8.11
Next Step: Update to 4.8.12 or newer if supported.

Plugin High Patched: Yes CVE-2025-0366
Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)

The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include a...

Published: Jan 31, 2025
Patched Release: 4.8.8
Affected Versions: Versions up to 4.8.7
Next Step: Update to 4.8.8 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-0365
Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read

The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary file...

Published: Jan 31, 2025
Patched Release: 4.8.8
Affected Versions: Versions up to 4.8.7
Next Step: Update to 4.8.8 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-12316
Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...

Published: Jan 06, 2025
Patched Release: 4.8.6
Affected Versions: Versions up to 4.8.5
Next Step: Update to 4.8.6 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-12033
Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

Published: Jan 06, 2025
Patched Release: 4.8.6
Affected Versions: Versions up to 4.8.5
Next Step: Update to 4.8.6 or newer if supported.

Plugin High Patched: Yes CVE-2024-7781
Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have...

Published: Sep 25, 2024
Patched Release: 4.7.8
Affected Versions: Versions up to 4.7.5
Next Step: Update to 4.7.8 or newer if supported.

Plugin Critical Patched: Yes CVE-2024-7772
Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the a...

Published: Aug 23, 2024
Patched Release: 4.6.6
Affected Versions: Versions up to 4.6.5
Next Step: Update to 4.6.6 or newer if supported.