Jupiter X Core WordPress plugin site hijacking vulnerability

published: Aug. 24, 2023

Take action: If you are using Jupiter X Core for WordPress and WooCommerce, patch immediately!


Jupiter X Core, a premium plugin for WordPress and WooCommerce, has two vulnerabilities that could potentially be exploited by hackers to compromise websites. The plugin is part of the widely used Jupiter X theme and is utilized on over 172,000 websites. The critical security issues were discovered by Rafie Muhammad, an analyst from the WordPress security company Patchstack.

ArtBees, the developer of Jupiter X Core, took action to address the problems earlier this month.

  • CVE-2023-38388 (CVSS3 score 9.0) lets unauthenticated users upload files. The exploit is possible because the plugin's 'upload_files' function lacks proper authentication checks and can be triggered by anyone accessing the frontend. This could potentially result in the execution of arbitrary code on the server. The vulnerability affects Jupiter X Core version 3.3.5 and below. ArtBees fixed it with the release of version 3.3.8 of the plugin.
  • CVE-2023-38389 (CVSS3 score 9.8) permits unauthenticated attackers to take control of any WordPress user account, provided they know the corresponding email address. The vulnerability affects Jupiter X Core version 3.3.8 and earlier. ArtBees issued a fix on August 9 by releasing version 3.4.3 of the plugin. The flaw originated in the 'ajax_handler' function within the plugin's Facebook login process. It allowed unauthenticated users to modify the 'social-media-user-facebook-id' meta associated with any WordPress user via the 'set_user_facebook_id' function. Because the plugin relies on this meta value to authenticate users, attackers can misuse it to authenticate as any registered user, including administrators, as long as they have the correct email address. ArtBees' fix obtains the email address and unique user ID directly from Facebook's authentication endpoint to ensure the legitimacy of the login process.
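The fix pattern described for CVE-2023-38389, written out as an added example (not ArtBees' code and not taken from the plugin): the handler asks Facebook's Graph API who the token belongs to and uses only that answer for the email and Facebook ID. The hook name, the function name `example_facebook_login` and the `access_token` POST field are hypothetical; the meta key is the one named in the advisory.

```php
<?php
// Added illustration of a server-verified social login; not Jupiter X Core's code.
// 'example_facebook_login' and the 'access_token' field are hypothetical names.
add_action( 'wp_ajax_nopriv_example_facebook_login', 'example_facebook_login' );

function example_facebook_login() {
    $token = isset( $_POST['access_token'] )
        ? sanitize_text_field( wp_unslash( $_POST['access_token'] ) )
        : '';
    if ( '' === $token ) {
        wp_send_json_error( 'Missing token', 400 );
    }

    // Ask Facebook who owns this token. No id or email is read from the request.
    $url = add_query_arg(
        array( 'fields' => 'id,email', 'access_token' => rawurlencode( $token ) ),
        'https://graph.facebook.com/me'
    );
    $response = wp_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'Facebook verification failed', 401 );
    }

    $profile = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( empty( $profile['id'] ) || empty( $profile['email'] ) || ! is_email( $profile['email'] ) ) {
        wp_send_json_error( 'Facebook verification failed', 401 );
    }

    $user = get_user_by( 'email', $profile['email'] );
    if ( ! $user ) {
        wp_send_json_error( 'No matching account', 403 );
    }

    $stored = get_user_meta( $user->ID, 'social-media-user-facebook-id', true );
    if ( '' === $stored ) {
        // First link: the id written here comes from Facebook's response only.
        update_user_meta( $user->ID, 'social-media-user-facebook-id', $profile['id'] );
    } elseif ( ! hash_equals( (string) $stored, (string) $profile['id'] ) ) {
        // An existing link is never overwritten by a login request.
        wp_send_json_error( 'Account is linked to a different Facebook id', 403 );
    }

    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success();
}
```

A production handler should also confirm that the token was issued to the site's own Facebook app, for example with the Graph API `debug_token` endpoint, before trusting the profile it returns.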

It is strongly recommended that users of the Jupiter X Core plugin update to version 3.4.3 as soon as possible to mitigate the significant risks posed by these two vulnerabilities. As of now, there have been no reported instances of these vulnerabilities being exploited in the wild.
