CVE-2022-1657
JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.
We have discovered 169 live websites that are affected by CVE-2022-1657.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 147 |
| Vulnerable Domains | 169 live websites (0.75% of Jupiter install base) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-1657 and the relative popularity of websitesDetails
- Published - Jun 13, 2022
- Updated - Jun 13, 2022
Credits
- Ramuel Gall, Wordfence
CWE
CVE References
CWE References
Countries
 United States | 44 websites |
 Netherlands | 12 websites |
 Italy | 12 websites |
 Germany | 11 websites |
 Spain | 11 websites |
 France | 9 websites |
 GB | 7 websites |
 Austria | 6 websites |
 South Africa | 5 websites |
 Australia | 5 websites |
TLDs
| .com | 71 websites |
| .nl | 10 websites |
| .de | 7 websites |
| .es | 6 websites |
| .at | 5 websites |
| .pl | 5 websites |
| .it | 5 websites |
| .fr | 4 websites |
| .com.au | 4 websites |
| .org | 4 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-1657 through included software libraries and plugins.Websites affected by CVE-2022-1657
Top websites that are affected by CVE-2022-1657. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | ***,*** | |
| ***.************.nl | Netherlands | ***,*** | |
| ***.**.com | GB | ***,*** | |
| ********.me | GB | *,***,*** | |
| ***************.at | Austria | *,***,*** | |
| *********************.org | United States | *,***,*** | |
| ******.com | United States | *,***,*** | |
| ******************.com | Germany | *,***,*** | |
| ***.******************.com | United States | *,***,*** | |
| ***********.pl |  Poland | *,***,*** |