Security News > 2023 > August > Jupiter X Core WordPress plugin could let hackers hijack sites

Jupiter X Core WordPress plugin could let hackers hijack sites
2023-08-24 17:26

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.

Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.

Rafie Muhammad, an analyst at WordPress security company Patchstack, discovered the two critical vulnerabilities and reported them to ArtBee, the developer of Jupiter X Core, who addressed the issues earlier this month.

WordPress AIOS plugin used by 1M sites logged plaintext passwords.

Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs.

WordPress Ninja Forms plugin flaw lets hackers steal submitted data.


News URL

https://www.bleepingcomputer.com/news/security/jupiter-x-core-wordpress-plugin-could-let-hackers-hijack-sites/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14