CVE-2024-12316
Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template ExportThe Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.
We have discovered 8,311 live websites that are affected by CVE-2024-12316.
Affected Software
| Product |  Jupiterx Core |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,311 live websites (85.33% of Jupiterx Core install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 49 versions ( 90.74% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jan 7, 2025
- Updated - Jan 7, 2025
Credits
- Tieu Pham Trong Nhan (finder)
CWE
CVE References
CWE References
CVE-2024-12316 usage by Country
 United States | 3,320 websites |
 Germany | 1,015 websites |
 France | 688 websites |
 GB | 310 websites |
 Netherlands | 308 websites |
 Spain | 281 websites |
 Italy | 268 websites |
 Cyprus | 152 websites |
 Switzerland | 149 websites |
 Canada | 144 websites |
CVE-2024-12316 usage by TLD
| .com | 3,656 websites |
| .de | 458 websites |
| .org | 378 websites |
| .nl | 349 websites |
| .fr | 281 websites |
| .it | 275 websites |
| .co.uk | 236 websites |
| .com.br | 214 websites |
| .ca | 178 websites |
| .com.au | 163 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-12316
Top websites that are affected by CVE-2024-12316. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************************.com | United States | *,*** | |
| ************.nl | Netherlands | *,*** | |
| *******************.com | United States | **,*** | |
| *******.net | United States | **,*** | |
| *******************************.com | United States | **,*** | |
| ****************.org | United States | **,*** | |
| *********************.com | United States | **,*** | |
| ***.org | United States | **,*** | |
| *************.com | United States | **,*** | |
| **********.com | United States | **,*** |
FAQ
CVE-2024-12316 is Missing Authorization in Jupiterx Core
A total of 8,311 websites have been identified as vulnerable to CVE-2024-12316, discovered through global website indexing conducted by WebTechSurvey.
Jupiterx Core is susceptible to CVE-2024-12316 vulnerability.
Jupiterx Core versions before, and including, 4.8.5 are vulnerable to CVE-2024-12316.