Researchers have published a new set of critical flaws in the JupiterX and Jupiter Theme core plugins for WordPress. One revealed Jupiter plugin flaw constitutes an essential privilege escalation exploit that enables threat actors to take over the infected WordPress websites.
The critical flaw, tracked by researchers as CVE-2022-1664 with a 9.9 severity score, can allow authenticated individuals to obtain administrative privileges by utilising the vulnerable plugins.
The revealed Jupiter plugin exploit enables a malicious threat actor or group to run unlimited commands on the site, such as injecting malicious scripts, altering website details, or deleting webpage contents.
This threat campaign does not include restrictive requirements. A simple customer or a subscriber of the WordPress site can take advantage of this critical flaw. This newly discovered bug can affect several Jupiter versions such as “Theme version 6[.]10[.]1” or older patches. The exploit can also compromise the JupiterX Core Plugin version 2.0.7 and previous patches. The flaw can also compromise the Jupiter Theme version 2.0.8, which is the latest version.
The discovery of the critical flaw inside the Jupiter plugin prompted an investigation for additional vulnerabilities that threat actors can use.
Unfortunately, the research revealed several flaws that require authentication to be activated. These flaws are the CVE-2022-1659, CVE-2022-1657, CVE-2022-1656, and CVE-2022-1658.
During the earlier months of this year, researchers observed several cybercriminal activities that target the exploits in WordPress plugins. Last week, analysts discovered the Sysrv-K botnet by exploiting WordPress plugins and Spring Framework bugs. The botnet infected Linux and Windows-based operating systems.
On a related topic, thousands of WordPress sites were classified by researchers as “prone” to attacks because of a remote code execution flaw in the Tatsu Builder plugin.
As of now, there is an abundance of critical flaws in the WordPress plugins. Some of these flaws are currently being exploited by several threat groups. Furthermore, there are new vulnerabilities that are very critical in can enable any logged-in user to acquire admin privileges.
Security experts recommend that companies or users keep their devices updated with the latest patches to mitigate the chances of being exploited by threat actors.
