Accounts may be hijacked and data can be uploaded without authentication if a certain version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, is used. These vulnerabilities impact various versions of the plugin.Jupiter X Core is a visual editor that is both simple and powerful, and it is a component of the Jupiter X theme. The Jupiter X theme is used in more than 172,000 websites.
Accounts may be hijacked and data can be uploaded without authentication if a certain version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, is used. These vulnerabilities impact various versions of the plugin.
Jupiter X Core is a visual editor that is both simple and powerful, and it is a component of the Jupiter X theme. The Jupiter X theme is used in more than 172,000 websites.
The second flaw, identified as CVE-2023-38389, makes it possible for unauthenticated attackers to gain control of any WordPress user account so long as they are in possession of the user’s email address. The vulnerability has been given a critical severity level of 9.8 and affects all versions of Jupiter X Core beginning with 3.3.8 and below.
The two major vulnerabilities were identified by Rafie Muhammad, an analyst at the WordPress security business Patchstack. He then disclosed his findings to ArtBee, the creator of Jupiter X Core, who fixed the problems earlier this month.
It is strongly suggested that users of the JupiterX Core plugin update as quickly as possible to version 3.4.3 in order to reduce the high risks presented by the two vulnerabilities.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
