Security News > 2022 > May > Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
2022-05-19 13:03

A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found.

WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found between early April and early May in the Jupiter and JupiterX Premium WordPress themes, he revealed in a blog post published Wednesday.

One of the flaws-tracked as CVE-2022-1654 and rated as 9.9, or critical on the CVSS-allows for "Any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges and completely take over any site running either the Jupiter Theme or JupiterX Core Plugin," he wrote.

Affected versions of the themes are: Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier.

On a site with a vulnerable version of the Jupiter Theme installed, any logged-in user can elevate their privileges to those of an administrator by sending an AJAX request with the action parameter set to abb uninstall template.

"Vulnerable versions of the Jupiter and JupiterX Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion," Gall explained.


News URL

https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-1654 Unspecified vulnerability in Artbees Jupiter and Jupiterx
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
network
low complexity
artbees
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157