NITDA Warns of Critical WordPress Plugin Vulnerability, Urges Immediate Action
The National Information Technology Development Agency (NITDA) has issued a warning to website owners about a critical security flaw in the Jupiter X Core plugin for WordPress, which could allow hackers to take full control of affected websites.
In a statement released on Wednesday, the agency’s Computer Emergency Readiness and Response Team (CERRT) identified the vulnerability as CVE-2025-0366, describing it as an unauthenticated privilege escalation flaw. If exploited, attackers could execute arbitrary code, gain administrative access without authentication, modify website content, inject malware, or completely deface websites—posing a serious threat to platforms handling sensitive user data.
Website owners using the affected plugin are advised to update immediately to the latest patched version, 4.8.8, and to remove unused or outdated plugins.
NITDA further urged website administrators to monitor for unauthorized admin accounts, track unexpected website changes, and implement strong authentication methods to enhance security.















