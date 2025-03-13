Share

The National Information Technology Development Agency (NITDA) has issued a warning to Nigerian website owners about a newly discovered security vulnerability in the Jupiter X Core plugin for WordPress.

This was disclosed by the agency on its official x account. The vulnerability, identified as CVE-2025-0366, poses a significant cybersecurity risk, potentially allowing attackers to take control of affected websites without authentication.

According to the agency, a security advisory from the Computer Emergency Readiness and Response Team Nigeria (CERNT. NG) noted that the flaw is an “unauthenticated privilege escalation vulnerability,” meaning attackers can gain administrative access or execute arbitrary code on websites using this plugin.

“A critical security flaw has been discovered in the Jupiter X Core plugin for WordPress, affecting websites using this popular theme framework,” the statement read.

The impact of this security flaw is far-reaching. If exploited, attackers can gain complete control over affected WordPress sites, allowing them to modify or delete website content, inject malware that can infect users visiting the website, steal sensitive information such as customer data and login credentials, and also redirect users to phishing websites.

To prevent exploitation of the vulnerability, CERNT.NG has outlined four key steps that website administrators and business owners should take immediately: which include updating to the latest version, removing outdated or unused plugins, monitoring for unauthorised access, and using strong authentication methods.

