A technical deep dive into the discovery of an unauthenticated zero-day vulnerability in the Ninja Forms - File Uploads WordPress extension, which allows arbitrary file uploads, remote code execution, and full server compromise.

An authentication bypass vulnerability was found on Jupiter X Core Plugin <= 4.7.5 (CVE-2024-7781).

A pre-authentication remote code execution vulnerability was found on Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).