The National Information Technology Development Agency (NITDA) has warned website owners of a critical security vulnerability in the Jupiter X Core plugin for WordPress.
In a post on X on Thursday, NITDA said the vulnerability, tagged ‘CVE-2025-0366,’ allows unauthorised file uploads and website takeovers.
NITDA said the vulnerability poses a significant risk to websites, especially those handling sensitive user data.
The agency urged those using the plugin to immediately update to the “latest patched version 4.8.8”.
“A critical security flaw has been discovered in the Jupiter X Core plugin for WordPress, affecting websites using this popular theme framework,” NITDA said.
“The vulnerability, identified as an unauthenticated privilege escalation flaw, allows attackers to execute arbitrary code or gain administrative access without authentication.
“If exploited, this vulnerability could allow attackers to take full control of affected WordPress sites, modify content, inject malware, or even deface websites.
“This poses a significant risk to website owners, especially those handling sensitive user data.
“Update immediately to the latest patched version 4.8.8 of the Jupiter X Core plugin. Remove unused or outdated plugins in WordPress.”
NITDA advised website owners to regularly check for unauthorised admin accounts or unexpected changes on websites, and use strong authentication methods.