CVE-2024-7781
Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account TakeoverThe Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
We have discovered 7,565 live websites that are affected by CVE-2024-7781.
Affected Software
| Product |  Jupiterx Core |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,565 live websites (77.67% of Jupiterx Core install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 47 versions ( 87.04% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Sep 26, 2024
- Updated - Sep 26, 2024
Credits
- Geo Void (finder)
CWE
CVE References
CWE References
CVE-2024-7781 usage by Country
 United States | 3,009 websites |
 Germany | 902 websites |
 France | 614 websites |
 GB | 277 websites |
 Spain | 267 websites |
 Netherlands | 265 websites |
 Italy | 249 websites |
 Cyprus | 145 websites |
 Switzerland | 137 websites |
 Canada | 126 websites |
CVE-2024-7781 usage by TLD
| .com | 3,363 websites |
| .de | 396 websites |
| .org | 328 websites |
| .nl | 306 websites |
| .it | 253 websites |
| .fr | 247 websites |
| .co.uk | 213 websites |
| .com.br | 200 websites |
| .com.au | 149 websites |
| .ca | 148 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7781
Top websites that are affected by CVE-2024-7781. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************************.com | United States | *,*** | |
| *******************.com | United States | **,*** | |
| *******************************.com | United States | **,*** | |
| *********************.com | United States | **,*** | |
| ***.org | United States | **,*** | |
| *************.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ****.org | United States | **,*** | |
| ******.com | GB | ***,*** | |
| *************************.com |  Bulgaria | ***,*** |
FAQ
CVE-2024-7781 is Authentication Bypass Using an Alternate Path or Channel in Jupiterx Core
A total of 7,565 websites have been identified as vulnerable to CVE-2024-7781, discovered through global website indexing conducted by WebTechSurvey.
Jupiterx Core is susceptible to CVE-2024-7781 vulnerability.
Jupiterx Core versions before, and including, 4.7.5 are vulnerable to CVE-2024-7781.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve
- https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/google.php
- https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php
- https://plugins.trac.wordpress.org/changeset/3153667/