CVE-2024-7781: 
WordPress vulnerability analysis and mitigation

The Jupiter X Core plugin for WordPress contains an authentication bypass vulnerability (CVE-2024-7781) affecting all versions up to and including 4.7.5. This critical security flaw was discovered through the Wordfence Bug Bounty Program and has been assigned a CVSS score of 8.1 (High) by Wordfence and 9.8 (Critical) by NIST (NVD, Security Online).

The vulnerability stems from improper authentication implementation in the Social Login widget. The flaw has been classified under CWE-306 (Missing Authentication for Critical Function) by NIST and CWE-288 (Authentication Bypass Using an Alternate Path or Channel) by Wordfence. The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H from NIST, indicating its critical severity and ease of exploitation (NVD).

The vulnerability allows unauthenticated attackers to log in as the first user who previously logged in using a social media account, including administrator accounts. This access remains possible even if the Social Login element has been disabled, as long as it was previously enabled and used (NVD, Hacker News).

The vulnerability was partially patched in version 4.7.5 and fully patched in version 4.7.8. Users are strongly advised to update their installations to version 4.7.8 as soon as possible to protect against potential attacks (NVD).