
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
2022-05-19 13:03

A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found.

Wordfence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found between early April and early May in the Jupiter and JupiterX premium WordPress themes, he revealed in a blog post published Wednesday.

One of the flaws, tracked as CVE-2022-1654 and rated 9.9 (critical) on the CVSS scale, allows "Any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges and completely take over any site running either the Jupiter Theme or JupiterX Core Plugin," he wrote.

Affected versions of the themes are: Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier.
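To turn the affected-version ranges above into something a site owner or scanner can run, here is an added example (written for this page, not Artbees' or Wordfence's code) that reads the Version: line from a theme or plugin header and compares it numerically against the last vulnerable release. The component labels "jupiter-theme" and "jupiterx-core" and the sample style.css header are assumptions made for the example. It also shows the classic pitfall the check exists to avoid: a lexical string comparison, which ranks 6.9.3 above 6.10.1 and therefore reports an unpatched site as safe.

```python
"""Affected-version check for the Jupiter Theme / JupiterX Core Plugin ranges quoted above.

Added illustration, not Artbees' or Wordfence's code. The component names
('jupiter-theme', 'jupiterx-core') are labels chosen here, not real slugs."""
from __future__ import annotations

import re

# Last vulnerable versions from the advisory: Jupiter Theme 6.10.1, JupiterX Core Plugin 2.0.7.
LAST_VULNERABLE: dict[str, tuple[int, ...]] = {
    "jupiter-theme": (6, 10, 1),
    "jupiterx-core": (2, 0, 7),
}

# Constructed sample of a theme style.css header (not a real file from the theme).
SAMPLE_STYLE_CSS = """/*
Theme Name: Jupiter
Version: 6.9.3
*/
"""


def parse_version(text: str) -> tuple[int, ...]:
    """'6.10.1' -> (6, 10, 1); a leading 'v' and suffixes such as '-beta' are ignored."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    """Right-pad with zeros so that 6.10 compares as 6.10.0."""
    return v + (0,) * (n - len(v))


def is_affected(component: str, version: str) -> bool:
    """True when version <= the last vulnerable release, comparing numerically per segment."""
    last = LAST_VULNERABLE[component]
    v = parse_version(version)
    n = max(len(v), len(last))
    return _padded(v, n) <= _padded(last, n)


def naive_is_affected(version: str, last_vulnerable: str) -> bool:
    """The mistake to avoid: comparing version strings lexically ('9' > '1', so 6.9.3 > 6.10.1)."""
    return version <= last_vulnerable


def version_from_header(header_text: str) -> str:
    """Read the 'Version:' line of a WordPress theme style.css or plugin main-file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


if __name__ == "__main__":
    v = version_from_header(SAMPLE_STYLE_CSS)
    print("sample theme version:", v)
    print("numeric check says affected:", is_affected("jupiter-theme", v))
    print("lexical check says affected:", naive_is_affected(v, "6.10.1"))
```

On a real site the header to read is wp-content/themes/jupiter/style.css for the theme and the main plugin file under wp-content/plugins/ for JupiterX Core; the version check is only meaningful after both have been located, since the advisory lists them as separately affected.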

On a site running a vulnerable version of the Jupiter Theme or the JupiterX Core Plugin, any logged-in user can elevate their privileges to those of an administrator by sending an AJAX request to admin-ajax.php with the action parameter set to abb_uninstall_template (or, on JupiterX Core only, jupiterx_core_cp_uninstall_template). The handler performs a privileged operation for any authenticated caller, which is why subscriber-level accounts are enough.
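The two action names above are the concrete thing a defender can hunt for. The following added example (written for this page; it is not a Wordfence rule and not Artbees' code) classifies a request as targeting these actions by looking at both the query string and a POST form body, because admin-ajax.php takes the action from $_REQUEST and so either location works, and then runs the same check over a few constructed access-log lines. The Request class, the log format regex and the sample lines are assumptions made for the example.

```python
"""Spot requests that invoke the AJAX actions named in CVE-2022-1654.

Added illustration (not a Wordfence rule or Artbees code). The Request class, the
log format and the sample lines are constructed here for the example."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# The two action names from the advisory; the second exists only in JupiterX Core.
VULN_ACTIONS = {"abb_uninstall_template", "jupiterx_core_cp_uninstall_template"}

# Combined/common log format; only the request line is needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (addresses are documentation ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [19/May/2022:13:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=abb_uninstall_template HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.7 - - [19/May/2022:13:03:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"
198.51.100.2 - - [19/May/2022:13:04:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "curl/7.81.0"
"""


@dataclass
class Request:
    method: str
    uri: str        # path plus optional query string
    body: str = ""  # application/x-www-form-urlencoded body, when available


def actions_in(req: Request) -> set[str]:
    """All 'action' values, from the query string and (for POST) the form body.

    admin-ajax.php reads the action from $_REQUEST, so both locations count."""
    found = set(parse_qs(urlsplit(req.uri).query).get("action", []))
    if req.method.upper() == "POST" and req.body:
        found.update(parse_qs(req.body).get("action", []))
    return found


def is_uninstall_template_request(req: Request) -> bool:
    """True if the request targets admin-ajax.php with one of the vulnerable actions."""
    if not urlsplit(req.uri).path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return bool(actions_in(req) & VULN_ACTIONS)


def scan_log(text: str) -> list[tuple[str, str]]:
    """(client IP, action) for each logged hit. Access logs carry no POST body, so
    a request that puts the action only in the body is invisible here."""
    hits: list[tuple[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        req = Request(m["method"], m["uri"])
        if is_uninstall_template_request(req):
            for action in sorted(actions_in(req) & VULN_ACTIONS):
                hits.append((m["ip"], action))
    return hits


if __name__ == "__main__":
    for ip, action in scan_log(SAMPLE_LOG):
        print(f"{ip} invoked {action}")
```

The third sample line is the blind spot: a POST with the action in the body looks like any other admin-ajax.php call in the access log, so log hunting alone cannot rule out exploitation. The request-level check belongs in a WAF or a plugin-side hook where the body is visible, and an at-risk site should additionally review its user list for administrator accounts that nobody created on purpose.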

A separate flaw from the same batch of findings, distinct from the privilege escalation, concerned file access by low-privileged users. "Vulnerable versions of the Jupiter and JupiterX Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion," Gall explained.

News URL

https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                         RISK
2022-06-13  CVE-2022-1654   Unspecified vulnerability in Artbees Jupiter and Jupiterx   critical (9.0)

Description: Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
Attack vector: network; attack complexity: low; vendor: artbees; severity: critical; score: 9.0 (this database's score; the researcher's rating quoted above is 9.9)

Related vendor

VENDOR     LAST 12M / #PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Wordpress  49                     36    407      104    29         576