Accounts may be hijacked and data can be uploaded without authentication if a certain version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, is used. These vulnerabilities impact various versions of the plugin.
Jupiter X Core is a visual editor that is both simple and powerful, and it is a component of the Jupiter X theme. The Jupiter X theme is used in more than 172,000 websites.
The second flaw, identified as CVE-2023–38389, makes it possible for unauthenticated attackers to gain control of any WordPress user account so long as they are in possession of the user’s email address. The vulnerability has been given a critical severity level of 9.8 and affects all versions of Jupiter X Core beginning with 3.3.8 and below.
Comments are closed.