Product
The Jupiter X Core plugin for WordPress is vulnerable to remote code execution and stored cross-site scripting due to missing authorization and insufficient file type validation in versions up to 4.14.1, allowing authenticated attackers with subscriber-level access to upload malicious files.