Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation

May 18, 2022

According to an advisory by Wordfence, a critical privilege escalation vulnerability affecting the ‘Jupiter’ theme and the ‘JupiterX Core’ plugin for WordPress was detected and patched.

The Vulnerability

  • CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated privilege escalation and post deletion. The vulnerability enables any authenticated attacker, including a subscriber, to elevate their privileges to administrator.

Affected Products

  • ‘Jupiter’ Theme versions 6.10.1 and earlier.
  • ‘JupiterX Core’ Plugin versions 2.0.7 and earlier.
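
To check an installation against the ranges above, the following added example (not part of the advisory, and not Wordfence's or CYREBRO's code) flags affected versions in the JSON printed by `wp theme list --format=json` and `wp plugin list --format=json`. The slugs `jupiter` and `jupiterx-core` are assumptions, and the sample inventories are constructed.

```python
import json
import re

# Last affected versions, from the advisory above.
# The slugs "jupiter" and "jupiterx-core" are assumptions; adjust to your install.
LAST_AFFECTED = {
    ("theme", "jupiter"): "6.10.1",
    ("plugin", "jupiterx-core"): "2.0.7",
}

def version_key(version):
    """'6.10.1' -> (6, 10, 1, 0). Numeric compare, so 6.9 sorts below 6.10.1
    (a plain string compare would get that wrong). None if unparseable."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            return None
        parts.append(int(match.group()))
    return tuple((parts + [0, 0, 0, 0])[:4])

def find_affected(inventory_json, kind):
    """kind is 'theme' or 'plugin'; inventory_json is WP-CLI's JSON list output."""
    findings = []
    for item in json.loads(inventory_json):
        name = str(item.get("name", ""))
        limit = LAST_AFFECTED.get((kind, name.lower()))
        if limit is None:
            continue  # not one of the products named in the advisory
        version = str(item.get("version", ""))
        key = version_key(version)
        if key is None:
            state = "unknown"  # missing or odd version string: review by hand
        elif key <= version_key(limit):
            state = "affected"
        else:
            state = "not_affected"
        findings.append((kind, name, version, state))
    return findings

# Constructed sample inventories (not real scan output).
SAMPLE_THEMES = ('[{"name": "jupiter", "status": "active", "version": "6.9"},'
                 ' {"name": "twentytwentytwo", "status": "inactive", "version": "1.1"}]')
SAMPLE_PLUGINS = ('[{"name": "jupiterx-core", "status": "active", "version": "2.0.8"},'
                  ' {"name": "akismet", "status": "active", "version": "4.2.3"}]')

if __name__ == "__main__":
    for row in find_affected(SAMPLE_THEMES, "theme") + find_affected(SAMPLE_PLUGINS, "plugin"):
        print(*row)
```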

Mitigation

CYREBRO recommends updating the relevant plugins to the newest available version in order to mitigate the vulnerability.

References: Wordfence Advisory.