Connect with us

WORDPRESS

Jupiter X Core WordPress plugin could let hackers hijack sites
Advertisement

WORDPRESS

Hostinger Review: Website Creation Made Easy

WORDPRESS

WP Engine sues WordPress co-creator Mullenweg and Automattic, alleging abuse of power

WORDPRESS

Automattic demanded web host pay $32M annually for using WordPress trademark

WORDPRESS

5 Most Profitable Online Businesses You Can Start Today for Free!

WORDPRESS

The Ultimate WordPress Toolkit for Pros (59+ Must-Have Tools)

WORDPRESS

11 Best eCommerce Solutions Growing in Popularity in 2024

WORDPRESS

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

WORDPRESS

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

WORDPRESS

How to Get Web Design Clients: 12 Practical Tactics That Work

WORDPRESS

Jupiter X Core WordPress plugin could let hackers hijack sites

Published

2 years ago

on

Jupiter X Core plugin could let hackers hijack WordPress sites

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.

Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.

Rafie Muhammad, an analyst at WordPress security company Patchstack, discovered the two critical vulnerabilities and reported them to ArtBee, the developer of Jupiter X Core, who addressed the issues earlier this month.

Flaw details

The first vulnerability is identified as CVE-2023-38388 and allows uploading files without authentication, which could lead to executing arbitrary code on the server.

The security problem has received a severity score of 9.0 and impacts all JupiterX Core versions starting 3.3.5 below. The developer fixed the problem in version 3.3.8 of the plugin.

Advertisement

CVE-2023-38388 can be exploited because there are no authentication checks within the plugin’s ‘upload_files’ function, which can be called from the frontend by anyone.

The vendor’s patch adds a check for the function and also activates a second check to prevent uploading risky file types.

Implemented file upload checks
Implemented file upload checks (Patchstack)

The second vulnerability, CVE-2023-38389, allows unauthenticated attackers to take control of any WordPress user account on the condition that they know the email address. It received a critical severity rating of 9.8 and impacts all versions of Jupiter X Core starting from 3.3.8 and below.

ArtBees fixed the problem on August 9 by releasing version 3.4.3. All users of the plugin are recommended to update the component to the latest release.

Rafie Muhammad explains that the underlying problem was that the ‘ajax_handler’ function in the Facebook login process of the plugin allowed an unauthenticated user to set any WordPress user’s ‘social-media-user-facebook-id’ meta with any value through the ‘set_user_facebook_id’ function.

As this meta value is used for user authentication in WordPress, an attacker can abuse it to authenticate as any registered user on the site, including administrators, as long as they use the correct email address.

ArtBees’ solution is to fetch the required email address and unique user ID directly from Facebook’s authentication endpoint, ensuring the legitimacy of the login process.

Advertisement
Part of the revamped Facebook login process
Part of the revamped Facebook login process (Patchstack)

Users of the JupiterX Core plugin are recommended to upgrade to version 3.4.3 as soon as possible to mitigate the severe risks posed by the two vulnerabilities.

At the time of writing we could not find any public reports about the two vulnerabilities being exploited in the wild.

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Related Topics: