Security News > 2023 > August > Jupiter X Core WordPress plugin could let hackers hijack sites
Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.
Rafie Muhammad, an analyst at WordPress security company Patchstack, discovered the two critical vulnerabilities and reported them to ArtBee, the developer of Jupiter X Core, who addressed the issues earlier this month.
WordPress AIOS plugin used by 1M sites logged plaintext passwords.
Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs.
WordPress Ninja Forms plugin flaw lets hackers steal submitted data.