3 Jun 2022

Jupiter X Core Plugin Still Contains Vulnerability Allowing Reverting Website Database to Previously Backed Up Version

As detailed in a security advisory we have released for the developer of the plugin Jupiter X Core, the developer recently left 90,000+ websites open to being hacked for two weeks after the WordPress security company Wordfence disclosed an easily exploited vulnerability in the plugin while no fix was available (while claiming to have done responsible disclosure). Once the new version of the plugin that addressed that vulnerability was released, we checked over the current state of the plugin. What we found was that Wordfence hadn’t warned people that the plugin still contains many vulnerabilities.

Wordfence explained how to exploit the vulnerability this way: [Read more]

18 May 2022

Hackers Probably Already Targeting Vulnerability Wordfence Disclosed Despite Fix Not Being Generally Available

Earlier today, Wordfence released an odd post on their blog. In the post they disclosed an incredibly easy to exploit vulnerability in a WordPress plugin named Jupiter X Core, which allows anyone logged in to WordPress to change their role to Administrator. They claim to have engaged in “responsible disclosure” with this. While they didn’t provide what they labeled as a proof of concept, the information they did provide is the equivalent of one. They are telling people to update to version 2.0.8 of the plugin:

If you are running the JupiterX Core Plugin version 2.0.7 or below, you should immediately update it to version 2.0.8 or higher. [Read more]
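To make the bug class concrete, here is an added example of what such a privilege escalation typically looks like in a WordPress plugin and how the handler should be written instead. This is illustrative code written for this page, not Jupiter X Core's code or Wordfence's proof of concept; the action names, function names and request parameters are assumptions. The point is that any logged-in user can reach a `wp_ajax_*` handler, so a role change must be gated by a nonce and a capability check, not just input sanitising.

```php
<?php
// Hypothetical WordPress AJAX handlers illustrating the vulnerability class
// (an authenticated user changing their own role). NOT Jupiter X Core's code;
// action names, function names and POST parameters are assumptions.

// Vulnerable pattern: every logged-in user (subscriber included) can call a
// wp_ajax_* action, and nothing here checks WHO is allowed to change roles.
add_action('wp_ajax_example_set_role', 'example_set_role_vulnerable');
function example_set_role_vulnerable() {
    $user = wp_get_current_user();
    $role = sanitize_key($_POST['role'] ?? ''); // sanitising the value does not restrict who may set it
    $user->set_role($role);                      // subscriber -> administrator in one request
    wp_send_json_success();
}

// Hardened pattern: verify a nonce (CSRF), then the caller's capability
// (authorisation), then validate the target user and role before changing it.
add_action('wp_ajax_example_set_role_safe', 'example_set_role_hardened');
function example_set_role_hardened() {
    check_ajax_referer('example_set_role', 'nonce');   // dies on a missing or invalid nonce
    if (!current_user_can('promote_users')) {          // only users allowed to assign roles
        wp_send_json_error('forbidden', 403);
    }
    $target = get_user_by('id', absint($_POST['user_id'] ?? 0));
    $role   = sanitize_key($_POST['role'] ?? '');
    if (!$target || !array_key_exists($role, wp_roles()->roles)) {
        wp_send_json_error('bad request', 400);        // unknown user or role slug
    }
    // Extra guard: do not let a non-administrator hand out the administrator role.
    if ($role === 'administrator' && !current_user_can('administrator')) {
        wp_send_json_error('forbidden', 403);
    }
    $target->set_role($role);
    wp_send_json_success();
}
```

When auditing a plugin for this class of issue, look for every `wp_ajax_*` and REST route callback that writes to users, options or roles and confirm it performs both a nonce check and a capability check; a `wp_ajax_nopriv_*` registration for the same handler would widen the same bug to unauthenticated visitors.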