This premium WordPress plugin could let hackers hijack your website

  • August 25, 2023
JupiterX Core, the companion plugin that gives the JupiterX WordPress theme its visual (WYSIWYG) editing features (and a name that reads like a first draft of an Elon Musk baby name), shipped with two flaws that let attackers hijack accounts and upload files to the server. Patches have now been issued.

Reporting on the flaws, BleepingComputer cites ThemeForest sales of the JupiterX theme to estimate that it is used on more than 172,000 websites. The real number of live installs is probably lower than that, but it is a good indicator of the scale of the problem.

Rafie Muhammad, a researcher at WordPress security firm Patchstack, discovered the two distinct vulnerabilities and reported them to JupiterX developer ArtBees, which has since patched both. If you use this plugin, update as soon as possible: the fixes landed in versions 3.3.8 and 3.4.3 respectively, so anything older than 3.4.3 is still exposed to at least one of the two flaws.

Jupiter X Core WordPress flaw

The first flaw, CVE-2023-38388, affects JupiterX Core versions up to and including 3.3.5 and allows file uploads without authentication. On a WordPress host, an unauthenticated upload of a PHP file is effectively arbitrary code execution on the server, since the web server will run the file as soon as someone requests it.

The patch shipped in version 3.3.8, adding authentication checks to the plugin's 'upload_files' function as well as a second check that blocks uploads of what BleepingComputer describes as "risky" file types. On a WordPress server that chiefly means PHP files and their variants (.phtml, .phar and so on) rather than Windows-style executables; an extension check alone is easy to get wrong, which is why the capability check and the type check belong together.
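To make the two checks concrete, here is an added example that models them in Python. It is not JupiterX Core's code: the function bodies, the user record and the risky-extension list are constructed for illustration, and only the WordPress 'upload_files' capability name is real.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed list of extensions a WordPress host would execute, or that
# change server behaviour when dropped into a web root. PHP variants matter
# most; the rest cover common Apache/CGI setups.
RISKY_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phps", "phtml", "phar",
    "pht", "shtml", "cgi", "pl", "py", "sh", "exe", "htaccess",
}


@dataclass
class User:
    login: str
    capabilities: set = field(default_factory=set)  # e.g. {"upload_files"}


def risky_extensions(filename: str) -> set:
    """Every risky extension anywhere after the first dot, so
    'shell.php.jpg', 'x.phtml' and '.htaccess' are all flagged."""
    parts = filename.lower().split(".")
    return {p for p in parts[1:] if p in RISKY_EXTENSIONS}


def upload_files_vulnerable(user: Optional[User], filename: str) -> Tuple[bool, str]:
    """Pre-3.3.8 shape as the article describes it: no check on who is
    calling and none on what is being uploaded."""
    return True, f"stored {filename}"


def upload_files_patched(user: Optional[User], filename: str) -> Tuple[bool, str]:
    """Post-3.3.8 shape: an authenticated caller holding the WordPress
    'upload_files' capability, and no risky file type in the name."""
    if user is None:
        return False, "rejected: authentication required"
    if "upload_files" not in user.capabilities:
        return False, f"rejected: {user.login} lacks upload_files capability"
    # Basic filename hygiene before looking at the extension at all.
    if not filename or filename != filename.strip() or "/" in filename or "\\" in filename:
        return False, "rejected: malformed filename"
    bad = risky_extensions(filename)
    if bad:
        return False, f"rejected: risky file type {sorted(bad)}"
    return True, f"stored {filename}"


if __name__ == "__main__":
    anonymous = None
    editor = User("editor", {"upload_files"})
    for who, name in [(anonymous, "shell.php"), (editor, "shell.php.jpg"),
                      (editor, "photo.jpg"), (anonymous, "photo.jpg")]:
        print(name, "vulnerable:", upload_files_vulnerable(who, name)[0],
              "patched:", upload_files_patched(who, name)[0])
```

The double-extension case is the one worth testing on your own site: a check that only inspects the last suffix accepts 'shell.php.jpg', and on Apache with a permissive handler configuration that file still runs as PHP.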

The second flaw, CVE-2023-38389, allowed an attacker to take over any WordPress account on the site as long as they knew the e-mail address attached to it, and affects JupiterX Core versions up to and including 3.3.8.

Version 3.4.3 fixed it. Muhammad writes that the 'ajax_handler' function in the plugin's Facebook login mechanism let an attacker set the key login variables, including the Facebook user ID the plugin used to match an account, to any value they chose.

ArtBees resolved the issue by pulling the user's e-mail address and unique user ID from Facebook's authentication endpoint rather than trusting the values supplied in the request, though it seems hard to believe that it wasn't coded that way to begin with.
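As an added example (not the plugin's code, and not Muhammad's), the following Python models the before and after: a handler that trusts a client-supplied e-mail, beside one that takes only the access token and asks Facebook whose it is. The user table, tokens and the Graph stub are constructed; a real implementation would replace `graph_me` with an HTTPS call to Facebook's `/me?fields=id,email` endpoint.

```python
from typing import Callable, Optional

# Constructed local user table keyed by e-mail (standing in for wp_users).
USERS = {
    "admin@example.com":    {"id": 1, "role": "administrator"},
    "attacker@example.com": {"id": 7, "role": "subscriber"},
}

# Constructed stand-in for Facebook's Graph API. A real implementation calls
# GET https://graph.facebook.com/me?fields=id,email&access_token=... over
# TLS; here a dict maps a token to the identity Facebook would vouch for.
GRAPH_STUB = {
    "tok-attacker": {"id": "fb-1000", "email": "attacker@example.com"},
}


def graph_me(access_token: str) -> Optional[dict]:
    """Hypothetical Graph lookup: None for an unknown or expired token."""
    return GRAPH_STUB.get(access_token)


def ajax_handler_vulnerable(params: dict) -> Optional[dict]:
    """Pre-3.4.3 shape as the article describes it: the identity used to pick
    the local account comes straight from the request, so whoever knows a
    victim's e-mail address can name it and be logged in as that user."""
    email = (params.get("email") or "").lower()
    user = USERS.get(email)
    if user is None:
        return None
    return {"logged_in_as": user["id"], "role": user["role"]}


def ajax_handler_patched(params: dict,
                         lookup: Callable[[str], Optional[dict]] = graph_me) -> Optional[dict]:
    """Post-3.4.3 shape: the only request field that matters is the access
    token. Facebook user ID and e-mail are whatever Facebook returns for it;
    any 'email' or 'fb_user_id' the client sends is ignored."""
    token = params.get("access_token")
    if not token:
        return None
    profile = lookup(token)
    if not profile or not profile.get("email"):
        return None  # bad token, or the user never granted the email scope
    user = USERS.get(profile["email"].lower())
    if user is None:
        return None  # no auto-provisioning in this model
    return {"logged_in_as": user["id"], "role": user["role"]}


if __name__ == "__main__":
    forged = {"access_token": "tok-attacker", "fb_user_id": "anything",
              "email": "admin@example.com"}
    print("vulnerable:", ajax_handler_vulnerable(forged))  # admin session
    print("patched:   ", ajax_handler_patched(forged))     # attacker's own account
```

Two further checks belong in a production version of the patched handler: confirm that the token was issued for this site's own Facebook app (Facebook's `debug_token` endpoint reports the app the token belongs to), so a token minted for some unrelated app cannot be replayed here, and treat a missing e-mail as a login failure rather than falling back to anything the client sent.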

