NITDA Warns Website Owners of Critical WordPress Security Flaw
The National Information Technology Development Agency (NITDA) has issued an urgent warning to website owners about a severe security vulnerability in the Jupiter X Core plugin for WordPress.
In a statement on Thursday via its official X account, NITDA highlighted the flaw—tracked as CVE-2025-0366—which allows unauthorized file uploads and complete website takeovers. The agency emphasized that the vulnerability poses a major threat, particularly to sites handling sensitive user data.
To mitigate the risk, NITDA has urged all users of the Jupiter X Core plugin to update immediately to the latest patched version 4.8.8. The flaw, identified as an unauthenticated privilege escalation vulnerability, could enable attackers to execute arbitrary code, gain administrative access without authentication, and seize full control of affected WordPress websites.
“If exploited, this vulnerability could allow attackers to modify website content, inject malware, or even deface entire websites,” NITDA warned.
Website administrators are strongly advised to take the following security measures:
- Update immediately to Jupiter X Core version 4.8.8.
- Remove outdated or unused plugins to reduce security risks.
- Monitor for unauthorized admin accounts and unexpected changes.
- Strengthen security by enabling two-factor authentication (2FA) and using strong passwords.
