CVE-2024-7781

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Sep 26, 2024 / Updated: 55d ago

CVSS 9.8 | EPSS 0.06% | Critical

Summary

The Jupiter X Core plugin for WordPress has an authentication bypass vulnerability in all versions up to and including 4.7.5. This vulnerability is caused by improper authentication in the Social Login widget. It allows unauthenticated attackers to log in as the first user who has logged in with a social media account, which could include administrator accounts. The vulnerability can be exploited even if the Social Login element has been disabled, as long as it was previously enabled and used.

Impact

The impact of this vulnerability is severe. Attackers can gain unauthorized access to user accounts, potentially including administrator accounts, which could lead to complete compromise of the WordPress site. This can result in unauthorized data access, modification of website content, installation of malicious plugins, and potential lateral movement within the network. The CVSS v3.1 base score is 9.8 (Critical), with high impacts on confidentiality, integrity, and availability. The attack vector is network-based and requires neither user interaction nor privileges, which makes exploitation straightforward.

Exploitation

There is no evidence of a public proof-of-concept, and no evidence of exploitation in the wild at the moment.

Patch

Version 4.7.8 of the Jupiter X Core plugin contains the full fix. Releases between the last affected version (4.7.5) and 4.7.8 carry only a partial fix, so update to version 4.7.8 or later to fully mitigate this vulnerability.

Mitigation

1. Update the Jupiter X Core plugin to version 4.7.8 or later as soon as possible; this is the only complete fix.
2. If you cannot update immediately, disable the Social Login widget and remove any instances of it from the site. Treat this only as a stopgap: as noted in the summary, the bypass remains exploitable after the element is disabled if it was previously enabled and used, so disabling it does not substitute for the patch.
3. Review all user accounts, especially those with administrative privileges, for signs of compromise. Pay particular attention to accounts that have ever signed in through Google or Facebook, since those are the accounts an attacker can be logged in as.
4. Enforce multi-factor authentication for all accounts, especially administrative ones. MFA applied to the standard login form does not necessarily cover the alternate authentication path this flaw abuses (CWE-288), so treat it as defense in depth rather than as a mitigation for this specific bug.
5. Monitor for suspicious login activity, in particular administrator sessions established through the social-login flow, and for unexpected account creations.
6. Consider using a Web Application Firewall (WAF) to block exploitation attempts.
7. Keep WordPress core, themes, and plugins updated to their latest versions to limit exposure to similar vulnerabilities.
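To make the vulnerability class concrete, here is an added, self-contained model of a social-login endpoint with the properties the summary and mitigation list describe: the identity is taken from the request rather than verified with the provider, the lookup lands on the first user who ever logged in socially when the identifier is missing, and the widget's "disabled" switch is not enforced on the login path. The hardened variant verifies a signed provider assertion before trusting the identifier, requires an exact and unique match, and honours the switch at the endpoint. This is illustrative code, not code from Jupiter X Core, Wordfence or Patchstack: the user table, the social_login_*_id meta keys, and the HMAC-signed token standing in for the provider's ID token are all constructed for the example, and the empty-identifier matching is a model of the behaviour described, not a statement about the plugin's actual query.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample user table (WordPress-style). Only users who have signed in
# through the social widget at least once carry a stored provider identifier.
USERS = [
    {"ID": 1, "user_login": "admin", "role": "administrator",
     "meta": {"social_login_google_id": "g-1001"}},
    {"ID": 2, "user_login": "editor", "role": "editor", "meta": {}},
    {"ID": 3, "user_login": "reader", "role": "subscriber",
     "meta": {"social_login_google_id": "g-3003"}},
]


def issue_session(user):
    """Stand-in for wp_set_auth_cookie(): the caller is now logged in as `user`."""
    return {"user_login": user["user_login"], "role": user["role"]}


def users_with_meta(meta_key, meta_value=""):
    """Lookup modelled on a meta_key/meta_value user query. With an empty value the
    filter degrades to 'anyone who has this key', i.e. every user who ever used
    social login. Illustrative model only, not the plugin's actual query."""
    return [u for u in USERS
            if meta_key in u["meta"]
            and (meta_value == "" or u["meta"][meta_key] == meta_value)]


def vulnerable_social_login(request):
    """CWE-288: identity comes straight from the request body, is never verified
    with the provider, and the widget's 'disabled' state is not checked here."""
    key = "social_login_%s_id" % request.get("provider", "google")
    matches = users_with_meta(key, request.get("social_id", ""))
    if not matches:
        return None
    return issue_session(matches[0])  # first matching user wins, admin included


# --- hardened variant --------------------------------------------------------

def _b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims, provider_secret):
    """Builds a signed token. HMAC over a shared secret stands in for the
    provider's signed ID token; a real deployment verifies the provider's
    public-key signature (plus issuer, audience and expiry) instead."""
    body = _b64u(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(provider_secret, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64u(sig)


def verify_id_token(token, provider_secret):
    """Returns the claims only if the signature checks out, otherwise None."""
    try:
        body, sig = token.split(".")
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(provider_secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig)):
        return None
    return json.loads(_unb64u(body))


def hardened_social_login(request, provider_secret, widget_enabled):
    """Same endpoint with the three fixes: enforce the feature switch on the
    endpoint itself, trust only a verified provider assertion, and require an
    exact, unique match on the stored identifier."""
    if not widget_enabled:
        return None
    claims = verify_id_token(request.get("id_token"), provider_secret)
    if not claims or not claims.get("sub"):
        return None
    key = "social_login_%s_id" % claims.get("provider", "google")
    matches = [u for u in USERS if u["meta"].get(key) == claims["sub"]]
    if len(matches) != 1:
        return None
    return issue_session(matches[0])


if __name__ == "__main__":
    secret = b"provider-shared-secret"  # constructed for the example
    print("vulnerable, empty id ->", vulnerable_social_login({"social_id": ""}))
    token = make_id_token({"sub": "g-3003", "provider": "google"}, secret)
    print("hardened, valid token ->", hardened_social_login({"id_token": token}, secret, True))
    print("hardened, widget off  ->", hardened_social_login({"id_token": token}, secret, False))
```

Submitting an empty social_id to the vulnerable handler hands out the administrator's session, which is exactly the "first user who has logged in with a social media account" outcome. The hardened handler rejects that request, rejects a token signed with the wrong key, and returns nothing at all while the widget is disabled, which is the check that makes mitigation step 2 actually hold.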

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-7781.

Sep 25, 2024 at 5:39 PM / Blog - Wordfence
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 25, 2024 at 8:49 PM
CVE Assignment

NVD published the first details for CVE-2024-7781

Sep 26, 2024 at 5:15 AM
CVSS

A CVSS base score of 8.1 has been assigned.

Sep 26, 2024 at 5:20 AM / nvd
Threat Intelligence Report

CVE-2024-7781 has been validated by Wordfence, indicating a recognized vulnerability that may pose significant risks. However, the provided information does not specify the criticality, CVSS score, exploitation status, proof-of-concept exploits, mitigations, detections, patches, or any downstream impacts on third-party vendors or technology. Further details would be necessary to assess the full implications of this vulnerability.

Sep 26, 2024 at 9:32 AM
EPSS

EPSS Score was set to: 0.06% (Percentile: 27.7%)

Sep 26, 2024 at 9:33 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152254)

Sep 30, 2024 at 7:53 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 2, 2024 at 4:25 PM / nvd

Affected Systems

Artbees/jupiter_x_core

Patches

plugins.trac.wordpress.org

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

References

Jupiter X Core Plugin <= 4.7.5 Authentication Bypass (CVE-2024-7781)
An attacker can get authenticated with the same rights as the target user (admin, etc.) if that user logged in at least one time in the past using Google or Facebook. Now let's dig a little deeper and check if knowing the identifier associated with a target user is really necessary to exploit this vulnerability.

News

Web Application Detections Published in October 2024
In October, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress, Zohocorp ManageEngine Endpoint, Lobe Chat, Ivanti Virtual Traffic Manager (vTM), Traefik, Nginx Proxy Manager, Harbor, Haproxy, SolarWinds Access Rights Manager (ARM), Cacti, Ivanti Endpoint Manager Mobile (EPMM), JetBrains TeamCity, Palo Alto Networks Expedition, Progress Telerik Report Server, Zimbra, Oracle WebLogic Server, Apache Solr, FlatPress CMS, pgAdmin, Grafana, pfSense, SolarWinds Web Help Desk, Ivanti Avalanche, ReCrystallize Server, Joomla!, and PHP. The QIDs released to detect the vulnerabilities in the frameworks above are listed below. Details about the following QIDs can be found in our knowledge base. Please review reports of the scanned applications for these detections and, if any are identified, follow the steps provided in the knowledge base to ensure applications are protected against the reported vulnerabilities.
QID - Title
152202 - Zohocorp ManageEngine Endpoint Central Incorrect Authorization Vulnerability (CVE-2024-38868)
152206 - WordPress Delicious Recipe Plugin: Arbitrary File Movement and Reading Vulnerability (CVE-2024-7626)
152207 - WordPress Simple Spoiler Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8479)
152209 - WordPress PropertyHive Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8490)
152210 - WordPress Share This Image Plugin: Open Redirect Vulnerability (CVE-2024-8761)
152215 - WordPress infolinks Ad Wrap Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8044)
152216 - WordPress Bit File Manager Plugin:
Over 90,000 WordPress Sites Exposed Due to Security Flaws in Jupiter X Core Plugin
In a recent cybersecurity alert, researchers have uncovered critical vulnerabilities in the popular Jupiter X Core WordPress plugin, which is currently installed on over 90,000 websites globally. This plugin has been identified as having security flaws that could potentially allow attackers to execute arbitrary code and take control of affected websites.
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
It also follows the disclosure of an unpatched critical SQL injection flaw in the TI WooCommerce Wishlist plugin (CVE-2024-43917, CVSS score: 9.8) that, if successfully exploited, permits any user to execute arbitrary SQL queries in the database of the WordPress site. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
