The Jupiter X Core plugin for WordPress has been updated to patch two critical vulnerabilities.
Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.
The vulnerabilities, which have been assigned the CVE identifiers CVE-2023-38388 and CVE-2023-38389, could allow an attacker to take control of a WordPress website.
The first vulnerability, CVE-2023-38388, allows an attacker to upload arbitrary files to a WordPress website without authentication. This could be used to upload malicious files, such as malware or backdoors, to the website.
The second vulnerability, CVE-2023-38389, allows an attacker to take control of any WordPress user account, provided they know the email address of the account. This could be used to take over the account and gain access to the website’s content and settings.
The vulnerabilities have been patched in Jupiter X Core version 3.4.3. All users of the plugin are advised to update to the latest version as soon as possible.
To update the Jupiter X Core plugin, follow these steps:
- Go to the Plugins page in your WordPress dashboard.
- Click on the “Installed Plugins” tab.
- Locate the Jupiter X Core plugin and click on the “Update” button.
- Click on the “Update Now” button to confirm the update.
Once the update has been completed, your WordPress website will be protected from the two critical vulnerabilities.
