The National Information Technology Development Agency (NITDA) has raised alarm over a critical security flaw in the Jupiter X Core plugin for WordPress, which could expose numerous websites to cyber threats.
The agency, through its Computer Emergency Readiness and Response Team (CERRT.NG), warned that the vulnerability, identified as CVE-2025-0366, could allow attackers to take full control of affected sites. Given the widespread use of the Jupiter X theme framework, the agency urged immediate action to mitigate potential risks.
According to the advisory, the flaw is classified as an unauthenticated privilege escalation vulnerability, meaning that cybercriminals could exploit it to gain administrative access without requiring authentication credentials.
Such vulnerabilities pose a serious threat as they enable attackers to execute arbitrary code, modify website content, inject malware, or even steal sensitive user data. The breach could also allow hackers to deface websites or redirect traffic to malicious sites, causing reputational and financial losses.
In response to the threat, NITDA has recommended urgent security measures for website owners and administrators. These include updating the Jupiter X Core plugin to the latest patched version 4.8.8, removing obsolete plugins, and monitoring for unauthorized access.
Additionally, website operators are advised to implement stronger authentication measures, such as two-factor authentication (2FA) and role-based access controls, to prevent unauthorized logins. These steps, the agency noted, are crucial in safeguarding websites from potential exploitation.
Cybersecurity experts have repeatedly warned that outdated or poorly maintained WordPress plugins remain one of the biggest security loopholes for hackers. With WordPress powering over 40% of websites worldwide, vulnerabilities in widely used plugins such as Jupiter X Core present a lucrative target for cybercriminals.
Similar security flaws in other WordPress extensions have previously resulted in data breaches, malware infections, and large-scale website defacements, further emphasizing the need for proactive cybersecurity measures.
As cyber threats continue to evolve, experts urge website owners to adopt a more defensive approach to security. Regular updates, frequent security audits, and the use of website firewalls can help prevent cyber intrusions. NITDA also called for increased awareness among businesses and organizations relying on WordPress, stressing that vigilance and prompt action are necessary to counter the rising tide of cyberattacks on digital platforms.