CVE-2022-1654 Information

Description

Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "bb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions.

Reference

https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/
