LeakyCreds

CVE-2026-3533 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 24, 2026

Jupiter X Core WordPress Plugin - Unrestricted File Upload

Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable

Overview

The Jupiter X Core WordPress plugin, versions <= 4.14.1, contains a limited file upload vulnerability caused by missing authorization and insufficient file type validation in the import_popup_templates() and upload_files() functions. Authenticated attackers with subscriber-level access can upload dangerous files, leading to remote code execution or stored XSS.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can upload malicious files causing remote code execution or stored cross-site scripting, compromising server or user security.

Mitigation

Update to the latest version beyond 4.14.1.

Social Media Activity (2 posts)

TheHackerWire
@thehackerwire
Mar 24, 2026

🟠 CVE-2026-3533 - High (8.8) The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3533/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-3533
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)