  • Critical Jupiter WordPress plugin flaws let hackers take over sites


    Karlston

    • 671 views
    • 3 minutes

    WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.

     

    Jupiter is a powerful high-quality theme builder for WordPress sites used by over 90,000 popular blogs, online mags, and platforms that enjoy heavy user traffic.

     

    The vulnerability, tracked as CVE-2022-1654 and given a CVSS score of 9.9 (critical), allows any authenticated user on a site using the vulnerable plugins to gain administrative privileges.

     

    After exploiting the vulnerability, attackers may perform unlimited actions on the site, including altering its content, injecting malicious scripts, or completely deleting it.

     

    An attacker needs only a simple subscriber or customer account on the site to exploit this vulnerability, so the attack doesn't have very restrictive prerequisites.

    Discovery and fix

    According to Wordfence, which discovered the flaw, the problem lies in a function named "uninstallTemplate," which resets the site after a theme is removed.

     

    This function elevates the calling user's privileges to admin, so a logged-in user who sends an AJAX request with the action parameter set to call the function elevates their own privileges without passing a nonce check or any other check.
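
As an added illustration (not code from Wordfence, Artbees, or the original article), this Python sketch audits PHP source for the bug class described above: `wp_ajax_` handlers that call neither a nonce check nor `current_user_can()`. The sample plugin source and every name in it are constructed and hypothetical.

```python
import re

# Constructed sample plugin source (not Jupiter's code); all names are hypothetical.
SAMPLE_PHP = r"""
class Demo_Templates {
    public function __construct() {
        add_action( 'wp_ajax_demo_reset_site', array( $this, 'reset_site' ) );
        add_action( 'wp_ajax_demo_save_opts', array( $this, 'save_opts' ) );
    }
    public function reset_site() {
        $this->do_reset();   // no nonce check, no capability check
    }
    public function save_opts() {
        check_ajax_referer( 'demo_save_opts', 'nonce' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_send_json_error( 'forbidden', 403 );
        }
        update_option( 'demo_opts', array() );
    }
}
"""

HOOK = re.compile(r"add_action\(\s*['\"]wp_ajax_([\w-]+)['\"]\s*,\s*"
                  r"(?:(?:array\(|\[)\s*\$this\s*,\s*)?['\"](\w+)['\"]")
CHECKS = {"nonce": ("check_ajax_referer", "wp_verify_nonce"),
          "capability": ("current_user_can",)}

def function_body(src, name):
    """Brace-balanced body of PHP function `name`, or None (ignores braces in strings)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Map each wp_ajax_ action to the kinds of check its handler never calls."""
    findings = {}
    for action, callback in HOOK.findall(src):
        body = function_body(src, callback) or ""  # unresolved handler: flag for review
        missing = [kind for kind, funcs in CHECKS.items()
                   if not any(re.search(rf"\b{f}\s*\(", body) for f in funcs)]
        if missing:
            findings[action] = missing
    return findings

print(audit(SAMPLE_PHP))
```

A handler flagged here is a candidate for manual review, since checks may also live in a helper the handler calls.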

     

    The Wordfence Threat Intelligence team discovered the issue on April 5, 2022, and notified the plugin developer with full technical details.

     

    On April 28, 2022, the vendor released a partial fix for the impacted plugins. Then, on May 10, 2022, Artbees released another security update that addressed the issues thoroughly.

     

    The versions impacted by CVE-2022-1654 are Jupiter Theme version 6.10.1 and older (fixed in 6.10.2), JupiterX Theme version 2.0.6 and older (fixed in 2.0.7), and JupiterX Core Plugin version 2.0.7 and older (fixed in 2.0.8).

     

    The only way to address the security problems is to update to the latest available versions as soon as possible or deactivate the plugin and replace your site's theme.

     

    During this security investigation, Wordfence discovered additional, albeit less severe, flaws that were fixed with the mentioned security updates on May 10, 2022. These flaws are:

     

    • CVE-2022-1656: Medium severity (CVSS score: 6.5) arbitrary plugin deactivation and settings modification.
    • CVE-2022-1657: High severity (CVSS score: 8.1) path traversal and local file inclusion.
    • CVE-2022-1658: Medium severity (CVSS score: 6.5) arbitrary plugin deletion.
    • CVE-2022-1659: Medium severity (CVSS score: 6.3) information disclosure, modification, and denial of service.

     

    These additional four vulnerabilities require authentication to be exploited, and they too are accessible to site subscribers and customers, but their consequences aren't as damaging.

     

     
