From WordPress Fame to Flame: The JupiterX Core Security Controversy

Reading Time: ( Word Count: )

August 25, 2023
Nextdoorsec-course

The widely recognized WordPress WYSIWYG editor, JupiterX Core, which was at one time the first draft for Elon Musk’s baby name, has recently been under the scanner for security lapses leading to account breaches and unauthorized file uploads. Fortunately, a corrective patch is now available.

A recent coverage made references to sales records on Themeforest for the JupiterX theme, suggesting its presence on approximately 172,000 sites. Although the actual number might be slightly different, it gives a sense of the magnitude of this concern.

Patchstack’s WordPress security specialist, Rafie Muhammad, was the pioneer in identifying two separate security loopholes within the system. After informing the JupiterX creators, ArtBee, corrective actions have been swiftly undertaken. Users are advised to update their plugins to the latest version to steer clear of these vulnerabilities.

Also Read: The FBI Sheds Light on North Korea-Linked Bitcoin Thefts Worth Millions

CVE-2023-3838 was the first security glitch, prevalent in JupiterX Core versions till 3.5.5. This issue granted unauthenticated file uploads, posing a significant risk of malicious code insertion. Thankfully, the 3.3.8 update fortified the ‘upload_files’ function with authentication safeguards and introduced a secondary barrier against the upload of potentially dangerous files, likely including executables.

The subsequent vulnerability, termed CVE-2023-38389, was even more concerning, potentially compromising any WordPress account as long as the attacker had knowledge of the linked email address. This flaw persisted till JupiterX Core’s 3.3.8 version. 

However, with the introduction of version 3.4.3, Rafie Muhammad pointed out that the bug within the plugin’s Facebook login routine allowed attackers to manipulate certain login parameters related to Facebook user IDs.

To counteract this, ArtBees modified their approach by extracting a user’s email and unique ID directly from Facebook’s authentication mechanism. It does raise eyebrows as to why this wasn’t the initial setup.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *