CVE-2022-1656 Vulnerable versions of the JupiterX Theme (=2.0.6) allow any logged-in user to access any of the functions in lib/api/api/ajax.php. This grants access to the jupiterx_api_ajax_actions registered by the theme.

This would allow for an attacker to exploit the system by creating a malicious plugin which could then be activated at will by any of the site’s users. Another attack vector would be to create a malicious plugin for a site using JupiterX. If the user of this site did not have the necessary access to update their own API key, then the attacker would be able to install a malicious update for the JupiterX Core Plugin, which would then give them access to deactivate arbitrary plugins and update the API key. Subscriber-level users have access to the plugin functions and update functions of the Core Plugin. This gives an attacker the ability to install a malicious update for the Core Plugin, which would then give them access to update the API key and deactivate arbitrary plugins. Finally, the subscriber-level users have access to the plugin functions and update functions of the JupiterX Theme. This gives an attacker the ability to install a malicious update for the Theme, which would then give them access to update the API key and deactivate arbitrary themes. By having the ability to update the API key, the attacker can then upload malicious updates to any plugins or themes on the site, granting them access to activate the malicious plugin or theme.

Impact: An attacker could exploit these issues to access the functionality of the system which they are not authorized to access, or to install malicious updates which could deactivate existing plugins or themes.

Update your installed plugins and themes

The first step to preventing attacks is to update the plugins and themes that are installed on your site. You can do this from the management dashboard, or by visiting your website's admin settings page.

Update JupiterX Core Plugin:
https://jupiterx.com/manage-plugins/
Update JupiterX Theme:
https://jupiterx.com/manage-themes/

Paypal API Key Manipulation

Paypal is a popular online payment system. If an attacker can successfully steal the PayPal API key, they will be able to access and update any plugins or themes on the site without authorization. This gives them full control over the website and its functionality, allowing them to deactivate plugins or themes at will.

Impact: An attacker could exploit these issues with their stolen API key to gain full control over the website's functionality.

Tag management

Tags can be used to group similar searches together, so you can see a list of related searches by typing your query into the search bar. These tags are helpful in finding what you are looking for on the website and can help with keyword research.
A common problem with tag management is when an incorrect tag is selected, which could lead to misfortunes for your website's SEO.
A solution to this issue would be adjusting your mobile site's meta keywords tag. This is done by changing your meta title from "Meta Title" to "Meta Keywords", and updating the value of the meta description from "Meta Description" to "Meta Keywords".
This would allow visitors searching on their mobile phone to find your website more easily, as they would not miss out because they do not have access to edit their meta titles or descriptions.

Detecting Attacks:

There are a number of ways that the vulnerability can be detected from within the system. From an attacker’s perspective, they would not know which update is malicious and which is legitimate.

Mitigation: The issue could be mitigated by verifying that only updates made by the intended person are installed and activated.

Timeline

Published on: 06/13/2022 13:15:00 UTC
Last modified on: 06/17/2022 23:27:00 UTC

References

• https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1656