"Jupiter X Core WordPress Plugin Could Let Hackers Hijack Sites"

Two vulnerabilities impacting Jupiter X Core, a premium plugin for configuring WordPress and WooCommerce websites, enable account hijacking and file uploading without authentication. Jupiter X Core is a simple but powerful visual editor, which is part of the Jupiter X theme used in over 172,000 websites. Rafie Muhammad, an analyst with the WordPress security company Patchstack, uncovered the two vulnerabilities and reported them to ArtBee, the Jupiter X Core developer, who fixed the flaws earlier this month. The first vulnerability, tracked as CVE-2023-38388, allows for uploading files without authentication, potentially leading to the execution of arbitrary code on the server. The second vulnerability, tracked as CVE-2023-38389, allows unauthenticated attackers to take control of any WordPress user account if the email address is known. This article continues to discuss the potential impact of the Jupiter X Core vulnerabilities. 

Bleeping Computer reports "Jupiter X Core WordPress Plugin Could Let Hackers Hijack Sites"